ReactOS  0.4.15-dev-5606-gf34e425
debug.c File Reference
#include <ntoskrnl.h>
#include <debug.h>
Include dependency graph for debug.c:

Go to the source code of this file.

Macros

#define NDEBUG
 
#define TOSTR(x)   #x
 
#define ACE_FLAG_PRINT(x)
 
#define SD_CONTROL_PRINT(x)
 

Functions

static PCSTR SepGetAceTypeString (_In_ UCHAR AceType)
 Converts an Access Control Entry (ACE) type to a string. More...
 
static VOID SepDumpAceFlags (_In_ UCHAR AceFlags)
 Dumps the ACE flags to the debugger output. More...
 
static VOID SepDumpAces (_In_ PACL Acl)
 Iterates and dumps each ACE debug info in an ACL. More...
 
static VOID SepDumpAclInfo (_In_ PACL Acl, _In_ BOOLEAN IsSacl)
 Dumps debug info of an Access Control List (ACL). More...
 
static VOID SepDumpSdControlInfo (_In_ SECURITY_DESCRIPTOR_CONTROL SdControl)
 Dumps control flags of a security descriptor to the debugger. More...
 
static VOID SepDumpSidsOfToken (_In_ PSID_AND_ATTRIBUTES Sids, _In_ ULONG SidCount)
 Dumps each security identifier (SID) of an access token to debugger. More...
 
VOID SepDumpSdDebugInfo (_In_opt_ PISECURITY_DESCRIPTOR SecurityDescriptor)
 Dumps debug information of a security descriptor to the debugger. More...
 
VOID SepDumpTokenDebugInfo (_In_opt_ PTOKEN Token)
 Dumps debug information of an access token to the debugger. More...
 
VOID SepDumpAccessRightsStats (_In_opt_ PACCESS_CHECK_RIGHTS AccessRights)
 Dumps security access rights to the debugger. More...
 

Macro Definition Documentation

◆ ACE_FLAG_PRINT

#define ACE_FLAG_PRINT (   x)
Value:
if (AceFlags & x) \
{ \
DbgPrint(#x "\n"); \
}
GLint GLint GLint GLint GLint x
Definition: gl.h:1548
static const ACEFLAG AceFlags[]
Definition: security.c:2423

◆ NDEBUG

#define NDEBUG

Definition at line 11 of file debug.c.

◆ SD_CONTROL_PRINT

#define SD_CONTROL_PRINT (   x)
Value:
if (SdControl & x) \
{ \
DbgPrint(#x "\n"); \
}
GLint GLint GLint GLint GLint x
Definition: gl.h:1548

◆ TOSTR

#define TOSTR (   x)    #x

Function Documentation

◆ SepDumpAccessRightsStats()

VOID SepDumpAccessRightsStats ( _In_opt_ PACCESS_CHECK_RIGHTS  AccessRights)

Dumps security access rights to the debugger.

Definition at line 315 of file debug.c.

317 {
318  /* Don't dump anything if no access check rights list was provided */
319  if (!AccessRights)
320  {
321  return;
322  }
323 
324  DbgPrint("================== ACCESS CHECK RIGHTS STATISTICS ==================\n");
325  DbgPrint("Remaining access rights -> 0x%08lx\n", AccessRights->RemainingAccessRights);
326  DbgPrint("Granted access rights -> 0x%08lx\n", AccessRights->GrantedAccessRights);
327  DbgPrint("Denied access rights -> 0x%08lx\n", AccessRights->DeniedAccessRights);
328 }
ULONG DbgPrint(PCCH Format,...)
Definition: debug.c:427

Referenced by SepAccessCheck().

◆ SepDumpAceFlags()

static VOID SepDumpAceFlags ( _In_ UCHAR  AceFlags)
static

Dumps the ACE flags to the debugger output.

Definition at line 66 of file debug.c.

68 {
69 #define ACE_FLAG_PRINT(x) \
70  if (AceFlags & x) \
71  { \
72  DbgPrint(#x "\n"); \
73  }
74 
80 #undef ACE_FLAG_PRINT
81 }
#define NO_PROPAGATE_INHERIT_ACE
Definition: setypes.h:748
#define CONTAINER_INHERIT_ACE
Definition: setypes.h:747
#define INHERITED_ACE
Definition: ph.h:47
#define ACE_FLAG_PRINT(x)
#define INHERIT_ONLY_ACE
Definition: setypes.h:749
#define OBJECT_INHERIT_ACE
Definition: setypes.h:746

Referenced by SepDumpAces().

◆ SepDumpAces()

static VOID SepDumpAces ( _In_ PACL  Acl)
static

Iterates and dumps each ACE debug info in an ACL.

Definition at line 89 of file debug.c.

91 {
93  PACE Ace;
95  PSID Sid;
96  UNICODE_STRING SidString;
97 
98  /* Loop all ACEs and dump their info */
99  for (AceIndex = 0; AceIndex < Acl->AceCount; AceIndex++)
100  {
101  /* Get the ACE at this index */
102  Status = RtlGetAce(Acl, AceIndex, (PVOID*)&Ace);
103  if (!NT_SUCCESS(Status))
104  {
105  /*
106  * Normally this should never happen.
107  * Just fail gracefully and stop further
108  * debugging of ACEs.
109  */
110  DbgPrint("SepDumpAces(): Failed to find the next ACE, stop dumping info...\n");
111  return;
112  }
113 
114  DbgPrint("================== %lu# ACE DUMP INFO ==================\n", AceIndex);
115  DbgPrint("Ace -> 0x%p\n", Ace);
116  DbgPrint("Ace->Header -> 0x%p\n", Ace->Header);
117  DbgPrint("Ace->Header.AceType -> %s\n", SepGetAceTypeString(Ace->Header.AceType));
118  DbgPrint("Ace->AccessMask -> 0x%08lx\n", Ace->AccessMask);
119 
120  Sid = SepGetSidFromAce(Ace->Header.AceType, Ace);
121  ASSERT(Sid);
122  RtlConvertSidToUnicodeString(&SidString, Sid, TRUE);
123  DbgPrint("Ace SID -> %wZ\n", &SidString);
124  RtlFreeUnicodeString(&SidString);
125 
126  DbgPrint("Ace->Header.AceSize -> %u\n", Ace->Header.AceSize);
127  DbgPrint("Ace->Header.AceFlags:\n");
128  SepDumpAceFlags(Ace->Header.AceFlags);
129  }
130 }
ULONG DbgPrint(PCCH Format,...)
Definition: debug.c:427
#define TRUE
Definition: types.h:120
LONG NTSTATUS
Definition: precomp.h:26
NTSYSAPI NTSTATUS NTAPI RtlGetAce(PACL Acl, ULONG AceIndex, PVOID *Ace)
static VOID SepDumpAceFlags(_In_ UCHAR AceFlags)
Dumps the ACE flags to the debugger output.
Definition: debug.c:66
Definition: card.h:12
_In_ ULONG _In_ ACCESS_MASK _In_ PSID Sid
Definition: rtlfuncs.h:1130
Status
Definition: gdiplustypes.h:24
#define ASSERT(a)
Definition: mode.c:44
#define NT_SUCCESS(StatCode)
Definition: apphelp.c:32
NTSYSAPI VOID NTAPI RtlFreeUnicodeString(PUNICODE_STRING UnicodeString)
NTSYSAPI NTSTATUS NTAPI RtlConvertSidToUnicodeString(OUT PUNICODE_STRING DestinationString, IN PVOID Sid, IN BOOLEAN AllocateDestinationString)
_In_ ULONG AceIndex
Definition: rtlfuncs.h:1862
PSID NTAPI SepGetSidFromAce(_In_ UCHAR AceType, _In_ PACE Ace)
Captures a security identifier from a given access control entry. This identifier is valid for the wh...
Definition: sid.c:579
static PCSTR SepGetAceTypeString(_In_ UCHAR AceType)
Converts an Access Control Entry (ACE) type to a string.
Definition: debug.c:27
unsigned int ULONG
Definition: retypes.h:1
Definition: rtltypes.h:992

Referenced by SepDumpAclInfo().

◆ SepDumpAclInfo()

static VOID SepDumpAclInfo ( _In_ PACL  Acl,
_In_ BOOLEAN  IsSacl 
)
static

Dumps debug info of an Access Control List (ACL).

Definition at line 138 of file debug.c.

141 {
142  /* Dump relevant info */
143  DbgPrint("================== %s DUMP INFO ==================\n", IsSacl ? "SACL" : "DACL");
144  DbgPrint("Acl->AclRevision -> %u\n", Acl->AclRevision);
145  DbgPrint("Acl->AclSize -> %u\n", Acl->AclSize);
146  DbgPrint("Acl->AceCount -> %u\n", Acl->AceCount);
147 
148  /* Dump all the ACEs present on this ACL */
149  SepDumpAces(Acl);
150 }
ULONG DbgPrint(PCCH Format,...)
Definition: debug.c:427
static VOID SepDumpAces(_In_ PACL Acl)
Iterates and dumps each ACE debug info in an ACL.
Definition: debug.c:89

Referenced by SepDumpSdDebugInfo().

◆ SepDumpSdControlInfo()

static VOID SepDumpSdControlInfo ( _In_ SECURITY_DESCRIPTOR_CONTROL  SdControl)
static

Dumps control flags of a security descriptor to the debugger.

Definition at line 158 of file debug.c.

160 {
161 #define SD_CONTROL_PRINT(x) \
162  if (SdControl & x) \
163  { \
164  DbgPrint(#x "\n"); \
165  }
166 
183 #undef SD_CONTROL_PRINT
184 }
#define SE_SACL_PRESENT
Definition: setypes.h:819
#define SE_SELF_RELATIVE
Definition: setypes.h:830
#define SE_DACL_PRESENT
Definition: setypes.h:817
#define SE_DACL_AUTO_INHERITED
Definition: setypes.h:825
#define SE_OWNER_DEFAULTED
Definition: setypes.h:815
#define SE_DACL_DEFAULTED
Definition: setypes.h:818
#define SE_SACL_AUTO_INHERIT_REQ
Definition: setypes.h:824
#define SE_DACL_PROTECTED
Definition: setypes.h:827
#define SE_SACL_PROTECTED
Definition: setypes.h:828
#define SE_GROUP_DEFAULTED
Definition: setypes.h:816
#define SE_SERVER_SECURITY
Definition: setypes.h:822
#define SE_DACL_UNTRUSTED
Definition: setypes.h:821
#define SE_SACL_AUTO_INHERITED
Definition: setypes.h:826
#define SD_CONTROL_PRINT(x)
#define SE_RM_CONTROL_VALID
Definition: setypes.h:829
#define SE_DACL_AUTO_INHERIT_REQ
Definition: setypes.h:823
#define SE_SACL_DEFAULTED
Definition: setypes.h:820

Referenced by SepDumpSdDebugInfo().

◆ SepDumpSdDebugInfo()

VOID SepDumpSdDebugInfo ( _In_opt_ PISECURITY_DESCRIPTOR  SecurityDescriptor)

Dumps debug information of a security descriptor to the debugger.

Definition at line 215 of file debug.c.

217 {
218  UNICODE_STRING SidString;
219  PSID OwnerSid, GroupSid;
220  PACL Dacl, Sacl;
221 
222  /* Don't dump anything if no SD was provided */
223  if (!SecurityDescriptor)
224  {
225  return;
226  }
227 
228  /* Cache the necessary security buffers to dump info from */
233 
234  DbgPrint("================== SECURITY DESCRIPTOR DUMP INFO ==================\n");
235  DbgPrint("SecurityDescriptor -> 0x%p\n", SecurityDescriptor);
236  DbgPrint("SecurityDescriptor->Revision -> %u\n", SecurityDescriptor->Revision);
237  DbgPrint("SecurityDescriptor->Control:\n");
239 
240  /* Dump the Owner SID if the SD belongs to an owner */
241  if (OwnerSid)
242  {
243  RtlConvertSidToUnicodeString(&SidString, OwnerSid, TRUE);
244  DbgPrint("SD Owner SID -> %wZ\n", &SidString);
245  RtlFreeUnicodeString(&SidString);
246  }
247 
248  /* Dump the Group SID if the SD belongs to a group */
249  if (GroupSid)
250  {
251  RtlConvertSidToUnicodeString(&SidString, GroupSid, TRUE);
252  DbgPrint("SD Group SID -> %wZ\n", &SidString);
253  RtlFreeUnicodeString(&SidString);
254  }
255 
256  /* Dump the ACL contents of SACL if this SD has one */
257  if (Sacl)
258  {
260  }
261 
262  /* Dump the ACL contents of DACL if this SD has one */
263  if (Dacl)
264  {
266  }
267 }
ULONG DbgPrint(PCCH Format,...)
Definition: debug.c:427
#define TRUE
Definition: types.h:120
_In_ USHORT _In_ ULONG _In_ PSOCKADDR _In_ PSOCKADDR _Reserved_ ULONG _In_opt_ PVOID _In_opt_ const WSK_CLIENT_CONNECTION_DISPATCH _In_opt_ PEPROCESS _In_opt_ PETHREAD _In_opt_ PSECURITY_DESCRIPTOR SecurityDescriptor
Definition: wsk.h:182
FORCEINLINE PSID SepGetGroupFromDescriptor(_Inout_ PVOID _Descriptor)
Definition: se.h:79
FORCEINLINE PSID SepGetOwnerFromDescriptor(_Inout_ PVOID _Descriptor)
Definition: se.h:99
#define FALSE
Definition: types.h:117
FORCEINLINE PACL SepGetSaclFromDescriptor(_Inout_ PVOID _Descriptor)
Definition: se.h:141
NTSYSAPI VOID NTAPI RtlFreeUnicodeString(PUNICODE_STRING UnicodeString)
NTSYSAPI NTSTATUS NTAPI RtlConvertSidToUnicodeString(OUT PUNICODE_STRING DestinationString, IN PVOID Sid, IN BOOLEAN AllocateDestinationString)
_Out_writes_bytes_to_opt_ AbsoluteSecurityDescriptorSize PSECURITY_DESCRIPTOR _Inout_ PULONG _Out_writes_bytes_to_opt_ DaclSize PACL Dacl
Definition: rtlfuncs.h:1593
static VOID SepDumpSdControlInfo(_In_ SECURITY_DESCRIPTOR_CONTROL SdControl)
Dumps control flags of a security descriptor to the debugger.
Definition: debug.c:158
_Out_writes_bytes_to_opt_ AbsoluteSecurityDescriptorSize PSECURITY_DESCRIPTOR _Inout_ PULONG _Out_writes_bytes_to_opt_ DaclSize PACL _Inout_ PULONG _Out_writes_bytes_to_opt_ SaclSize PACL Sacl
Definition: rtlfuncs.h:1595
FORCEINLINE PACL SepGetDaclFromDescriptor(_Inout_ PVOID _Descriptor)
Definition: se.h:119
static VOID SepDumpAclInfo(_In_ PACL Acl, _In_ BOOLEAN IsSacl)
Dumps debug info of an Access Control List (ACL).
Definition: debug.c:138

Referenced by SepAccessCheck().

◆ SepDumpSidsOfToken()

static VOID SepDumpSidsOfToken ( _In_ PSID_AND_ATTRIBUTES  Sids,
_In_ ULONG  SidCount 
)
static

Dumps each security identifier (SID) of an access token to debugger.

Definition at line 192 of file debug.c.

195 {
196  ULONG SidIndex;
197  UNICODE_STRING SidString;
198 
199  /* Loop all SIDs and dump them */
200  for (SidIndex = 0; SidIndex < SidCount; SidIndex++)
201  {
202  RtlConvertSidToUnicodeString(&SidString, Sids[SidIndex].Sid, TRUE);
203  DbgPrint("%lu# %wZ\n", SidIndex, &SidString);
204  RtlFreeUnicodeString(&SidString);
205  }
206 }
ULONG DbgPrint(PCCH Format,...)
Definition: debug.c:427
#define TRUE
Definition: types.h:120
_In_ ULONG _In_ ACCESS_MASK _In_ PSID Sid
Definition: rtlfuncs.h:1130
NTSYSAPI VOID NTAPI RtlFreeUnicodeString(PUNICODE_STRING UnicodeString)
NTSYSAPI NTSTATUS NTAPI RtlConvertSidToUnicodeString(OUT PUNICODE_STRING DestinationString, IN PVOID Sid, IN BOOLEAN AllocateDestinationString)
unsigned int ULONG
Definition: retypes.h:1

Referenced by SepDumpTokenDebugInfo().

◆ SepDumpTokenDebugInfo()

VOID SepDumpTokenDebugInfo ( _In_opt_ PTOKEN  Token)

Dumps debug information of an access token to the debugger.

Definition at line 274 of file debug.c.

276 {
277  UNICODE_STRING SidString;
278 
279  /* Don't dump anything if no token was provided */
280  if (!Token)
281  {
282  return;
283  }
284 
285  /* Dump relevant token info */
286  DbgPrint("================== ACCESS TOKEN DUMP INFO ==================\n");
287  DbgPrint("Token -> 0x%p\n", Token);
288  DbgPrint("Token->ImageFileName -> %s\n", Token->ImageFileName);
289  DbgPrint("Token->TokenSource.SourceName -> \"%-.*s\"\n",
290  RTL_NUMBER_OF(Token->TokenSource.SourceName),
291  Token->TokenSource.SourceName);
292  DbgPrint("Token->TokenSource.SourceIdentifier -> %lu.%lu\n",
293  Token->TokenSource.SourceIdentifier.HighPart,
294  Token->TokenSource.SourceIdentifier.LowPart);
295 
296  RtlConvertSidToUnicodeString(&SidString, Token->PrimaryGroup, TRUE);
297  DbgPrint("Token primary group SID -> %wZ\n", &SidString);
298  RtlFreeUnicodeString(&SidString);
299 
300  DbgPrint("Token user and groups SIDs:\n");
301  SepDumpSidsOfToken(Token->UserAndGroups, Token->UserAndGroupCount);
302 
304  {
305  DbgPrint("Token restricted SIDs:\n");
306  SepDumpSidsOfToken(Token->RestrictedSids, Token->RestrictedSidCount);
307  }
308 }
ULONG DbgPrint(PCCH Format,...)
Definition: debug.c:427
#define TRUE
Definition: types.h:120
static VOID SepDumpSidsOfToken(_In_ PSID_AND_ATTRIBUTES Sids, _In_ ULONG SidCount)
Dumps each security identifier (SID) of an access token to debugger.
Definition: debug.c:192
NTSYSAPI VOID NTAPI RtlFreeUnicodeString(PUNICODE_STRING UnicodeString)
NTSYSAPI NTSTATUS NTAPI RtlConvertSidToUnicodeString(OUT PUNICODE_STRING DestinationString, IN PVOID Sid, IN BOOLEAN AllocateDestinationString)
BOOLEAN NTAPI SeTokenIsRestricted(_In_ PACCESS_TOKEN Token)
Determines if a token is restricted or not, based upon the token flags.
Definition: token.c:1913
#define RTL_NUMBER_OF(x)
Definition: RtlRegistry.c:12

Referenced by SepAccessCheck().

◆ SepGetAceTypeString()

static PCSTR SepGetAceTypeString ( _In_ UCHAR  AceType)
static

Converts an Access Control Entry (ACE) type to a string.

Returns
Returns a converted ACE type strings. If no known ACE type is found, it will return UNKNOWN TYPE.

Definition at line 27 of file debug.c.

29 {
30 #define TOSTR(x) #x
31  static const PCSTR AceTypes[] =
32  {
51  };
52 #undef TOSTR
53 
54  if (AceType < RTL_NUMBER_OF(AceTypes))
55  return AceTypes[AceType];
56  else
57  return "UNKNOWN TYPE";
58 }
#define TOSTR(x)
#define SYSTEM_AUDIT_OBJECT_ACE_TYPE
Definition: setypes.h:727
#define SYSTEM_MANDATORY_LABEL_ACE_TYPE
Definition: setypes.h:741
#define SYSTEM_ALARM_CALLBACK_OBJECT_ACE_TYPE
Definition: setypes.h:739
#define ACCESS_DENIED_OBJECT_ACE_TYPE
Definition: setypes.h:726
#define ACCESS_ALLOWED_CALLBACK_OBJECT_ACE_TYPE
Definition: setypes.h:734
#define ACCESS_ALLOWED_COMPOUND_ACE_TYPE
Definition: setypes.h:722
#define SYSTEM_AUDIT_CALLBACK_OBJECT_ACE_TYPE
Definition: setypes.h:738
#define SYSTEM_ALARM_CALLBACK_ACE_TYPE
Definition: setypes.h:737
#define SYSTEM_AUDIT_CALLBACK_ACE_TYPE
Definition: setypes.h:736
#define ACCESS_ALLOWED_ACE_TYPE
Definition: setypes.h:717
#define ACCESS_ALLOWED_OBJECT_ACE_TYPE
Definition: setypes.h:725
#define ACCESS_DENIED_ACE_TYPE
Definition: setypes.h:718
static const ACEFLAG AceType[]
Definition: security.c:2382
#define SYSTEM_ALARM_ACE_TYPE
Definition: setypes.h:720
#define ACCESS_ALLOWED_CALLBACK_ACE_TYPE
Definition: setypes.h:732
#define RTL_NUMBER_OF(x)
Definition: RtlRegistry.c:12
#define ACCESS_DENIED_CALLBACK_OBJECT_ACE_TYPE
Definition: setypes.h:735
#define SYSTEM_AUDIT_ACE_TYPE
Definition: setypes.h:719
#define ACCESS_DENIED_CALLBACK_ACE_TYPE
Definition: setypes.h:733
const char * PCSTR
Definition: typedefs.h:52
#define SYSTEM_ALARM_OBJECT_ACE_TYPE
Definition: setypes.h:728

Referenced by SepDumpAces().