#include <ntoskrnl.h>
#include <debug.h>
Go to the source code of this file.
◆ NDEBUG
◆ SepDumpAccessAndStatusList()
Dumps access and status values of each object type in the result list.
Definition at line 353 of file debug.c.
359{
360#ifndef NDEBUG
361 ULONG ResultListIndex;
362 ULONG ObjectTypeIndex;
363 ULONG ResultListLength;
364
365 DbgPrint(
"================== ACCESS & STATUS OBJECT TYPE LIST STATISTICS ==================\n");
366 ResultListLength = IsResultList ? ObjectTypeListLength : 1;
367 for (ResultListIndex = 0; ResultListIndex < ResultListLength; ResultListIndex++)
368 {
369 DbgPrint(
"Result Index #%lu, Granted access rights -> 0x%08lx, Access status -> 0x%08lx\n",
370 ResultListIndex, GrantedAccessList[ResultListIndex], AccessStatusList[ResultListIndex]);
371 }
372
373 for (ObjectTypeIndex = 0; ObjectTypeIndex < ObjectTypeListLength; ObjectTypeIndex++)
374 {
375 DbgPrint(
"================== #%lu OBJECT ACCESS RIGHTS ==================\n", ObjectTypeIndex);
376 DbgPrint(
"Remaining access rights -> 0x%08lx\n", ObjectTypeList[ObjectTypeIndex].ObjectAccessRights.RemainingAccessRights);
377 DbgPrint(
"Granted access rights -> 0x%08lx\n", ObjectTypeList[ObjectTypeIndex].ObjectAccessRights.GrantedAccessRights);
378 DbgPrint(
"Denied access rights -> 0x%08lx\n", ObjectTypeList[ObjectTypeIndex].ObjectAccessRights.DeniedAccessRights);
379 }
380#endif
381}
Referenced by SepAccessCheckWorker().
◆ SepDumpAccessRightsStats()
Dumps security access rights to the debugger.
Definition at line 325 of file debug.c.
327{
328
329
330
331
332
333
334 if (!AccessRights->RemainingAccessRights)
335 {
336 return;
337 }
338
339#ifndef NDEBUG
340 DbgPrint(
"================== ACCESS CHECK RIGHTS STATISTICS ==================\n");
341 DbgPrint(
"Remaining access rights -> 0x%08lx\n", AccessRights->RemainingAccessRights);
342 DbgPrint(
"Granted access rights -> 0x%08lx\n", AccessRights->GrantedAccessRights);
343 DbgPrint(
"Denied access rights -> 0x%08lx\n", AccessRights->DeniedAccessRights);
344#endif
345}
Referenced by SepAccessCheckWorker().
◆ SepDumpSdDebugInfo()
Dumps debug information of a security descriptor to the debugger.
Definition at line 217 of file debug.c.
219{
220#ifndef NDEBUG
222 PSID OwnerSid, GroupSid;
224#endif
225
226
228 {
229 return;
230 }
231
232#ifndef NDEBUG
233
238
239 DbgPrint(
"================== SECURITY DESCRIPTOR DUMP INFO ==================\n");
242 DbgPrint(
"SecurityDescriptor->Control:\n");
244
245
246 if (OwnerSid)
247 {
249 DbgPrint(
"SD Owner SID -> %wZ\n", &SidString);
251 }
252
253
254 if (GroupSid)
255 {
257 DbgPrint(
"SD Group SID -> %wZ\n", &SidString);
259 }
260
261
263 {
265 }
266
267
269 {
271 }
272#endif
273}
_Out_writes_bytes_to_opt_ AbsoluteSecurityDescriptorSize PSECURITY_DESCRIPTOR _Inout_ PULONG _Out_writes_bytes_to_opt_ DaclSize PACL Dacl
_Out_writes_bytes_to_opt_ AbsoluteSecurityDescriptorSize PSECURITY_DESCRIPTOR _Inout_ PULONG _Out_writes_bytes_to_opt_ DaclSize PACL _Inout_ PULONG _Out_writes_bytes_to_opt_ SaclSize PACL Sacl
NTSYSAPI VOID NTAPI RtlFreeUnicodeString(PUNICODE_STRING UnicodeString)
NTSYSAPI NTSTATUS NTAPI RtlConvertSidToUnicodeString(OUT PUNICODE_STRING DestinationString, IN PVOID Sid, IN BOOLEAN AllocateDestinationString)
FORCEINLINE PSID SepGetOwnerFromDescriptor(_Inout_ PSECURITY_DESCRIPTOR _Descriptor)
FORCEINLINE PSID SepGetGroupFromDescriptor(_Inout_ PSECURITY_DESCRIPTOR _Descriptor)
FORCEINLINE PACL SepGetDaclFromDescriptor(_Inout_ PSECURITY_DESCRIPTOR _Descriptor)
FORCEINLINE PACL SepGetSaclFromDescriptor(_Inout_ PSECURITY_DESCRIPTOR _Descriptor)
_In_ USHORT _In_ ULONG _In_ PSOCKADDR _In_ PSOCKADDR _Reserved_ ULONG _In_opt_ PVOID _In_opt_ const WSK_CLIENT_CONNECTION_DISPATCH _In_opt_ PEPROCESS _In_opt_ PETHREAD _In_opt_ PSECURITY_DESCRIPTOR SecurityDescriptor
Referenced by SepAccessCheckWorker().
◆ SepDumpTokenDebugInfo()
Dumps debug information of an access token to the debugger.
Definition at line 280 of file debug.c.
282{
283#ifndef NDEBUG
285#endif
286
287
289 {
290 return;
291 }
292
293#ifndef NDEBUG
294
295 DbgPrint(
"================== ACCESS TOKEN DUMP INFO ==================\n");
297 DbgPrint(
"Token->ImageFileName -> %s\n",
Token->ImageFileName);
298 DbgPrint(
"Token->TokenSource.SourceName -> \"%-.*s\"\n",
300 Token->TokenSource.SourceName);
301 DbgPrint(
"Token->TokenSource.SourceIdentifier -> %lu.%lu\n",
302 Token->TokenSource.SourceIdentifier.HighPart,
303 Token->TokenSource.SourceIdentifier.LowPart);
304
306 DbgPrint(
"Token primary group SID -> %wZ\n", &SidString);
308
309 DbgPrint(
"Token user and groups SIDs:\n");
310 SepDumpSidsOfToken(
Token->UserAndGroups,
Token->UserAndGroupCount);
311
313 {
314 DbgPrint(
"Token restricted SIDs:\n");
315 SepDumpSidsOfToken(
Token->RestrictedSids,
Token->RestrictedSidCount);
316 }
317#endif
318}
BOOLEAN NTAPI SeTokenIsRestricted(_In_ PACCESS_TOKEN Token)
Determines if a token is restricted or not, based upon the token flags.
Referenced by SepAccessCheckWorker().