ReactOS  0.4.15-dev-2993-g14fbe80
priv.c
Go to the documentation of this file.
1 /*
2  * COPYRIGHT: See COPYING in the top level directory
3  * PROJECT: ReactOS kernel
4  * FILE: ntoskrnl/se/priv.c
5  * PURPOSE: Security manager
6  *
7  * PROGRAMMERS: No programmer listed.
8  */
9 
10 /* INCLUDES ******************************************************************/
11 
12 #include <ntoskrnl.h>
13 #define NDEBUG
14 #include <debug.h>
15 
16 /* GLOBALS ********************************************************************/
17 
18 #define CONST_LUID(x1, x2) {x1, x2}
53 
54 
55 /* PRIVATE FUNCTIONS **********************************************************/
56 
57 CODE_SEG("INIT")
58 VOID
59 NTAPI
61 {
62 
63 }
64 
65 
66 BOOLEAN
67 NTAPI
70  ULONG PrivilegeCount,
71  ULONG PrivilegeControl,
73 {
74  ULONG i;
75  ULONG j;
77 
78  DPRINT("SepPrivilegeCheck() called\n");
79 
80  PAGED_CODE();
81 
82  if (PreviousMode == KernelMode)
83  return TRUE;
84 
85  /* Get the number of privileges that are required to match */
86  Required = (PrivilegeControl & PRIVILEGE_SET_ALL_NECESSARY) ? PrivilegeCount : 1;
87 
88  /* Acquire a shared token lock */
90 
91  /* Loop all requested privileges until we found the required ones */
92  for (i = 0; i < PrivilegeCount; i++)
93  {
94  /* Loop the privileges of the token */
95  for (j = 0; j < Token->PrivilegeCount; j++)
96  {
97  /* Check if the LUIDs match */
98  if (RtlEqualLuid(&Token->Privileges[j].Luid, &Privileges[i].Luid))
99  {
100  DPRINT("Found privilege. Attributes: %lx\n",
101  Token->Privileges[j].Attributes);
102 
103  /* Check if the privilege is enabled */
104  if (Token->Privileges[j].Attributes & SE_PRIVILEGE_ENABLED)
105  {
107  Required--;
108 
109  /* Check if we have found all privileges */
110  if (Required == 0)
111  {
112  /* We're done! */
114  return TRUE;
115  }
116  }
117 
118  /* Leave the inner loop */
119  break;
120  }
121  }
122  }
123 
124  /* Release the token lock */
126 
127  /* When we reached this point, we did not find all privileges */
128  ASSERT(Required > 0);
129  return FALSE;
130 }
131 
132 NTSTATUS
133 NTAPI
135  LUID PrivilegeValue,
136  PTOKEN Token,
138 {
140  PAGED_CODE();
141  ASSERT(!RtlEqualLuid(&PrivilegeValue, &SeTcbPrivilege));
142 
143  Privilege.Luid = PrivilegeValue;
144  Privilege.Attributes = SE_PRIVILEGE_ENABLED;
145  return SepPrivilegeCheck(Token,
146  &Privilege,
147  1,
149  PreviousMode);
150 }
151 
152 NTSTATUS
153 NTAPI
158  _In_ PTOKEN Token,
159  _Out_opt_ PPRIVILEGE_SET *OutPrivilegeSet,
161 {
162  SIZE_T PrivilegeSize;
163  PPRIVILEGE_SET PrivilegeSet;
164  ULONG PrivilegeCount = 0, Index = 0;
166  PAGED_CODE();
167 
168  /* Check if we have a security subject context */
169  if (SubjectContext != NULL)
170  {
171  /* Check if there is a client impersonation token */
172  if (SubjectContext->ClientToken != NULL)
173  Token = SubjectContext->ClientToken;
174  else
175  Token = SubjectContext->PrimaryToken;
176  }
177 
178  /* Check if the caller wants ACCESS_SYSTEM_SECURITY access */
180  {
181  /* Do the privilege check */
183  {
184  /* Remember this access flag */
186  PrivilegeCount++;
187  }
188  else
189  {
191  }
192  }
193 
194  /* Check if the caller wants WRITE_OWNER access */
195  if (*DesiredAccess & WRITE_OWNER)
196  {
197  /* Do the privilege check */
199  {
200  /* Remember this access flag */
202  PrivilegeCount++;
203  }
204  }
205 
206  /* Update the access masks */
209 
210  /* Does the caller want a privilege set? */
211  if (OutPrivilegeSet != NULL)
212  {
213  /* Do we have any privileges to report? */
214  if (PrivilegeCount > 0)
215  {
216  /* Calculate size and allocate the structure */
217  PrivilegeSize = FIELD_OFFSET(PRIVILEGE_SET, Privilege[PrivilegeCount]);
218  PrivilegeSet = ExAllocatePoolWithTag(PagedPool, PrivilegeSize, TAG_PRIVILEGE_SET);
219  *OutPrivilegeSet = PrivilegeSet;
220  if (PrivilegeSet == NULL)
221  {
223  }
224 
225  PrivilegeSet->PrivilegeCount = PrivilegeCount;
226  PrivilegeSet->Control = 0;
227 
228  if (AccessMask & WRITE_OWNER)
229  {
230  PrivilegeSet->Privilege[Index].Luid = SeTakeOwnershipPrivilege;
232  Index++;
233  }
234 
236  {
237  PrivilegeSet->Privilege[Index].Luid = SeSecurityPrivilege;
239  }
240  }
241  else
242  {
243  /* No privileges, no structure */
244  *OutPrivilegeSet = NULL;
245  }
246  }
247 
248  return STATUS_SUCCESS;
249 }
250 
251 BOOLEAN
252 NTAPI
256 {
257  PRIVILEGE_SET PrivilegeSet;
258  BOOLEAN Result;
259  PAGED_CODE();
260 
261  /* Initialize the privilege set with the single privilege */
262  PrivilegeSet.PrivilegeCount = 1;
263  PrivilegeSet.Control = PRIVILEGE_SET_ALL_NECESSARY;
264  PrivilegeSet.Privilege[0].Luid = SeAuditPrivilege;
265  PrivilegeSet.Privilege[0].Attributes = 0;
266 
267  /* Check against the primary token! */
268  Result = SepPrivilegeCheck(SubjectContext->PrimaryToken,
269  &PrivilegeSet.Privilege[0],
270  1,
272  PreviousMode);
273 
274  if (PreviousMode != KernelMode)
275  {
278  &PrivilegeSet,
279  Result);
280  }
281 
282  return Result;
283 }
284 
285 NTSTATUS
286 NTAPI
288  ULONG PrivilegeCount,
290  PLUID_AND_ATTRIBUTES AllocatedMem,
291  ULONG AllocatedLength,
293  BOOLEAN CaptureIfKernel,
294  PLUID_AND_ATTRIBUTES *Dest,
295  PULONG Length)
296 {
299 
300  PAGED_CODE();
301 
302  if (PrivilegeCount == 0)
303  {
304  *Dest = 0;
305  *Length = 0;
306  return STATUS_SUCCESS;
307  }
308 
309  if (PreviousMode == KernelMode && !CaptureIfKernel)
310  {
311  *Dest = Src;
312  return STATUS_SUCCESS;
313  }
314 
315  /* FIXME - check PrivilegeCount for a valid number so we don't
316  cause an integer overflow or exhaust system resources! */
317 
318  BufferSize = PrivilegeCount * sizeof(LUID_AND_ATTRIBUTES);
319  *Length = ROUND_UP(BufferSize, 4); /* round up to a 4 byte alignment */
320 
321  /* probe the buffer */
322  if (PreviousMode != KernelMode)
323  {
324  _SEH2_TRY
325  {
326  ProbeForRead(Src,
327  BufferSize,
328  sizeof(ULONG));
329  }
331  {
332  /* Return the exception code */
334  }
335  _SEH2_END;
336  }
337 
338  /* allocate enough memory or check if the provided buffer is
339  large enough to hold the array */
340  if (AllocatedMem != NULL)
341  {
342  if (AllocatedLength < BufferSize)
343  {
345  }
346 
347  *Dest = AllocatedMem;
348  }
349  else
350  {
352  BufferSize,
353  TAG_LUID);
354  if (*Dest == NULL)
355  {
357  }
358  }
359 
360  /* copy the array to the buffer */
361  _SEH2_TRY
362  {
363  RtlCopyMemory(*Dest,
364  Src,
365  BufferSize);
366  }
368  {
370  }
371  _SEH2_END;
372 
373  if (!NT_SUCCESS(Status) && AllocatedMem == NULL)
374  {
375  ExFreePoolWithTag(*Dest, TAG_LUID);
376  }
377 
378  return Status;
379 }
380 
381 VOID
382 NTAPI
385  BOOLEAN CaptureIfKernel)
386 {
387  PAGED_CODE();
388 
389  if (Privilege != NULL &&
390  (PreviousMode != KernelMode || CaptureIfKernel))
391  {
393  }
394 }
395 
396 /* PUBLIC FUNCTIONS ***********************************************************/
397 
398 /*
399  * @implemented
400  */
401 NTSTATUS
402 NTAPI
405 {
406  PAUX_ACCESS_DATA AuxData;
407  ULONG OldPrivilegeSetSize;
408  ULONG NewPrivilegeSetSize;
409  PPRIVILEGE_SET PrivilegeSet;
410 
411  PAGED_CODE();
412 
413  /* Get the Auxiliary Data */
414  AuxData = AccessState->AuxData;
415 
416  /* Calculate the size of the old privilege set */
417  OldPrivilegeSetSize = sizeof(PRIVILEGE_SET) +
418  (AuxData->PrivilegeSet->PrivilegeCount - 1) * sizeof(LUID_AND_ATTRIBUTES);
419 
420  if (AuxData->PrivilegeSet->PrivilegeCount +
421  Privileges->PrivilegeCount > INITIAL_PRIVILEGE_COUNT)
422  {
423  /* Calculate the size of the new privilege set */
424  NewPrivilegeSetSize = OldPrivilegeSetSize +
425  Privileges->PrivilegeCount * sizeof(LUID_AND_ATTRIBUTES);
426 
427  /* Allocate a new privilege set */
428  PrivilegeSet = ExAllocatePoolWithTag(PagedPool,
429  NewPrivilegeSetSize,
431  if (PrivilegeSet == NULL)
433 
434  /* Copy original privileges from the acess state */
435  RtlCopyMemory(PrivilegeSet,
436  AuxData->PrivilegeSet,
437  OldPrivilegeSetSize);
438 
439  /* Append privileges from the privilege set*/
440  RtlCopyMemory((PVOID)((ULONG_PTR)PrivilegeSet + OldPrivilegeSetSize),
442  Privileges->PrivilegeCount * sizeof(LUID_AND_ATTRIBUTES));
443 
444  /* Adjust the number of privileges in the new privilege set */
445  PrivilegeSet->PrivilegeCount += Privileges->PrivilegeCount;
446 
447  /* Free the old privilege set if it was allocated */
448  if (AccessState->PrivilegesAllocated != FALSE)
450 
451  /* Now we are using an allocated privilege set */
452  AccessState->PrivilegesAllocated = TRUE;
453 
454  /* Assign the new privileges to the access state */
455  AuxData->PrivilegeSet = PrivilegeSet;
456  }
457  else
458  {
459  /* Append privileges */
460  RtlCopyMemory((PVOID)((ULONG_PTR)AuxData->PrivilegeSet + OldPrivilegeSetSize),
462  Privileges->PrivilegeCount * sizeof(LUID_AND_ATTRIBUTES));
463 
464  /* Adjust the number of privileges in the target privilege set */
465  AuxData->PrivilegeSet->PrivilegeCount += Privileges->PrivilegeCount;
466  }
467 
468  return STATUS_SUCCESS;
469 }
470 
471 /*
472  * @implemented
473  */
474 VOID
475 NTAPI
477 {
478  PAGED_CODE();
480 }
481 
482 /*
483  * @implemented
484  */
485 BOOLEAN
486 NTAPI
490 {
492 
493  PAGED_CODE();
494 
495  if (SubjectContext->ClientToken == NULL)
496  {
497  Token = SubjectContext->PrimaryToken;
498  }
499  else
500  {
501  Token = SubjectContext->ClientToken;
502  if (SubjectContext->ImpersonationLevel < 2)
503  {
504  return FALSE;
505  }
506  }
507 
508  return SepPrivilegeCheck(Token,
509  Privileges->Privilege,
510  Privileges->PrivilegeCount,
511  Privileges->Control,
512  PreviousMode);
513 }
514 
515 /*
516  * @implemented
517  */
518 BOOLEAN
519 NTAPI
522 {
524  PRIVILEGE_SET Priv;
525  BOOLEAN Result;
526 
527  PAGED_CODE();
528 
530 
531  Priv.PrivilegeCount = 1;
533  Priv.Privilege[0].Luid = PrivilegeValue;
535 
536  Result = SePrivilegeCheck(&Priv,
538  PreviousMode);
539 
540  if (PreviousMode != KernelMode)
541  {
544  &Priv,
545  Result);
546 
547  }
548 
550 
551  return Result;
552 }
553 
554 BOOLEAN
555 NTAPI
557  IN HANDLE ObjectHandle,
560 {
562  PRIVILEGE_SET Priv;
563  BOOLEAN Result;
564 
565  PAGED_CODE();
566 
568 
569  Priv.PrivilegeCount = 1;
571  Priv.Privilege[0].Luid = PrivilegeValue;
573 
575  if (PreviousMode != KernelMode)
576  {
577 #if 0
578  SePrivilegeObjectAuditAlarm(ObjectHandle,
581  &PrivilegeValue,
582  Result,
583  PreviousMode);
584 #endif
585  }
586 
588 
589  return Result;
590 }
591 
592 /* SYSTEM CALLS ***************************************************************/
593 
594 NTSTATUS
595 NTAPI
597  IN PPRIVILEGE_SET RequiredPrivileges,
599 {
601  PTOKEN Token;
602  ULONG PrivilegeCount = 0;
603  ULONG PrivilegeControl = 0;
604  ULONG Length;
605  BOOLEAN CheckResult;
608 
609  PAGED_CODE();
610 
612 
613  /* probe the buffers */
614  if (PreviousMode != KernelMode)
615  {
616  _SEH2_TRY
617  {
618  ProbeForWrite(RequiredPrivileges,
620  Privilege),
621  sizeof(ULONG));
622 
623  PrivilegeCount = RequiredPrivileges->PrivilegeCount;
624  PrivilegeControl = RequiredPrivileges->Control;
625 
626  /* Check PrivilegeCount to avoid an integer overflow! */
628  Privilege[PrivilegeCount]) /
629  sizeof(RequiredPrivileges->Privilege[0]) != PrivilegeCount)
630  {
632  }
633 
634  /* probe all of the array */
635  ProbeForWrite(RequiredPrivileges,
637  Privilege[PrivilegeCount]),
638  sizeof(ULONG));
639 
641  }
643  {
644  /* Return the exception code */
646  }
647  _SEH2_END;
648  }
649  else
650  {
651  PrivilegeCount = RequiredPrivileges->PrivilegeCount;
652  PrivilegeControl = RequiredPrivileges->Control;
653  }
654 
655  /* reference the token and make sure we're
656  not doing an anonymous impersonation */
657  Status = ObReferenceObjectByHandle(ClientToken,
658  TOKEN_QUERY,
660  PreviousMode,
661  (PVOID*)&Token,
662  NULL);
663  if (!NT_SUCCESS(Status))
664  {
665  return Status;
666  }
667 
668  if (Token->TokenType == TokenImpersonation &&
669  Token->ImpersonationLevel < SecurityIdentification)
670  {
673  }
674 
675  /* capture the privileges */
676  Status = SeCaptureLuidAndAttributesArray(RequiredPrivileges->Privilege,
677  PrivilegeCount,
678  PreviousMode,
679  NULL,
680  0,
681  PagedPool,
682  TRUE,
683  &Privileges,
684  &Length);
685  if (!NT_SUCCESS(Status))
686  {
688  return Status;
689  }
690 
691  CheckResult = SepPrivilegeCheck(Token,
692  Privileges,
693  PrivilegeCount,
694  PrivilegeControl,
695  PreviousMode);
696 
698 
699  /* return the array */
700  _SEH2_TRY
701  {
702  RtlCopyMemory(RequiredPrivileges->Privilege,
703  Privileges,
704  PrivilegeCount * sizeof(LUID_AND_ATTRIBUTES));
705  *Result = CheckResult;
707  }
709  {
711  }
712  _SEH2_END;
713 
715  PreviousMode,
716  TRUE);
717 
718  return Status;
719 }
720 
721 /* EOF */
#define SE_CREATE_PERMANENT_PRIVILEGE
Definition: security.c:670
PPRIVILEGE_SET PrivilegeSet
Definition: setypes.h:234
VOID NTAPI SeCaptureSubjectContext(OUT PSECURITY_SUBJECT_CONTEXT SubjectContext)
Definition: access.c:301
const LUID SeLoadDriverPrivilege
Definition: priv.c:27
const LUID SeSyncAgentPrivilege
Definition: priv.c:43
#define IN
Definition: typedefs.h:39
#define STATUS_PRIVILEGE_NOT_HELD
Definition: DriverTester.h:9
_Inout_ PLIST_ENTRY _In_ PVOID _In_ PSTRING _In_ BOOLEAN _In_ BOOLEAN _In_ ULONG _In_ PFLT_CALLBACK_DATA _In_opt_ PCHECK_FOR_TRAVERSE_ACCESS _In_opt_ PSECURITY_SUBJECT_CONTEXT SubjectContext
Definition: fltkernel.h:2238
_Must_inspect_result_ _In_ WDFDEVICE _In_ ULONG _In_ ACCESS_MASK DesiredAccess
Definition: wdfdevice.h:2654
VOID NTAPI SeReleaseSubjectContext(IN PSECURITY_SUBJECT_CONTEXT SubjectContext)
Definition: access.c:360
#define STATUS_BAD_IMPERSONATION_LEVEL
Definition: ntstatus.h:401
const LUID SeCreatePagefilePrivilege
Definition: priv.c:32
#define STATUS_INSUFFICIENT_RESOURCES
Definition: udferr_usr.h:158
NTSTATUS NTAPI NtPrivilegeCheck(IN HANDLE ClientToken, IN PPRIVILEGE_SET RequiredPrivileges, OUT PBOOLEAN Result)
Definition: priv.c:596
_In_ ULONG _In_ ULONG _In_ ULONG Length
Definition: ntddpcm.h:101
const LUID SeTimeZonePrivilege
Definition: priv.c:51
#define SE_INC_WORKING_SET_PRIVILEGE
Definition: setypes.h:184
#define ROUND_UP(n, align)
Definition: eventvwr.h:31
struct _PRIVILEGE_SET PRIVILEGE_SET
#define _Inout_
Definition: ms_sal.h:378
#define ACCESS_SYSTEM_SECURITY
Definition: nt_native.h:77
#define SE_CREATE_TOKEN_PRIVILEGE
Definition: security.c:656
#define SE_CREATE_SYMBOLIC_LINK_PRIVILEGE
Definition: setypes.h:186
#define SE_LOCK_MEMORY_PRIVILEGE
Definition: security.c:658
#define TRUE
Definition: types.h:120
#define STATUS_INVALID_PARAMETER
Definition: udferr_usr.h:135
const LUID SeRestorePrivilege
Definition: priv.c:35
#define KeGetPreviousMode()
Definition: ketypes.h:1107
LONG NTSTATUS
Definition: precomp.h:26
#define SE_DEBUG_PRIVILEGE
Definition: security.c:674
#define SE_LOAD_DRIVER_PRIVILEGE
Definition: security.c:664
const LUID SeTcbPrivilege
Definition: priv.c:24
_IRQL_requires_same_ _In_ PLSA_STRING _In_ SECURITY_LOGON_TYPE _In_ ULONG _In_ ULONG _In_opt_ PTOKEN_GROUPS _In_ PTOKEN_SOURCE _Out_ PVOID _Out_ PULONG _Inout_ PLUID _Out_ PHANDLE Token
#define SE_RESTORE_PRIVILEGE
Definition: security.c:672
struct _LUID_AND_ATTRIBUTES LUID_AND_ATTRIBUTES
#define SE_SYSTEMTIME_PRIVILEGE
Definition: security.c:666
#define SE_TAKE_OWNERSHIP_PRIVILEGE
Definition: security.c:663
BOOLEAN NTAPI SeSinglePrivilegeCheck(IN LUID PrivilegeValue, IN KPROCESSOR_MODE PreviousMode)
Definition: priv.c:520
#define SE_SYNC_AGENT_PRIVILEGE
Definition: security.c:680
const LUID SeAuditPrivilege
Definition: priv.c:38
$ULONG Control
Definition: setypes.h:87
#define WRITE_OWNER
Definition: nt_native.h:60
#define SE_TRUSTED_CREDMAN_ACCESS_PRIVILEGE
Definition: setypes.h:182
const LUID SeCreatePermanentPrivilege
Definition: priv.c:33
VOID NTAPI ProbeForWrite(IN PVOID Address, IN SIZE_T Length, IN ULONG Alignment)
Definition: exintrin.c:143
const LUID SeProfileSingleProcessPrivilege
Definition: priv.c:30
#define STATUS_BUFFER_TOO_SMALL
Definition: shellext.h:69
_SEH2_TRY
Definition: create.c:4226
uint32_t ULONG_PTR
Definition: typedefs.h:65
BOOLEAN NTAPI SeCheckPrivilegedObject(IN LUID PrivilegeValue, IN HANDLE ObjectHandle, IN ACCESS_MASK DesiredAccess, IN KPROCESSOR_MODE PreviousMode)
Definition: priv.c:556
#define SE_PRIVILEGE_ENABLED
Definition: setypes.h:63
NTSTATUS NTAPI ObReferenceObjectByHandle(IN HANDLE Handle, IN ACCESS_MASK DesiredAccess, IN POBJECT_TYPE ObjectType, IN KPROCESSOR_MODE AccessMode, OUT PVOID *Object, OUT POBJECT_HANDLE_INFORMATION HandleInformation OPTIONAL)
Definition: obref.c:494
NTSTATUS(* NTAPI)(IN PFILE_FULL_EA_INFORMATION EaBuffer, IN ULONG EaLength, OUT PULONG ErrorOffset)
Definition: IoEaTest.cpp:117
#define SE_TCB_PRIVILEGE
Definition: security.c:661
const LUID SeImpersonatePrivilege
Definition: priv.c:46
#define FALSE
Definition: types.h:117
#define RtlEqualLuid(Luid1, Luid2)
Definition: rtlfuncs.h:301
const LUID SeShutdownPrivilege
Definition: priv.c:36
#define PRIVILEGE_SET_ALL_NECESSARY
Definition: setypes.h:83
#define SE_CREATE_GLOBAL_PRIVILEGE
Definition: security.c:684
NTSTATUS NTAPI SeAppendPrivileges(IN OUT PACCESS_STATE AccessState, IN PPRIVILEGE_SET Privileges)
Definition: priv.c:403
const LUID SeRemoteShutdownPrivilege
Definition: priv.c:41
unsigned char BOOLEAN
POBJECT_TYPE SeTokenObjectType
Definition: token.c:19
#define SE_RELABEL_PRIVILEGE
Definition: setypes.h:183
_At_(*)(_In_ PWSK_CLIENT Client, _In_opt_ PUNICODE_STRING NodeName, _In_opt_ PUNICODE_STRING ServiceName, _In_opt_ ULONG NameSpace, _In_opt_ GUID *Provider, _In_opt_ PADDRINFOEXW Hints, _Outptr_ PADDRINFOEXW *Result, _In_opt_ PEPROCESS OwningProcess, _In_opt_ PETHREAD OwningThread, _Inout_ PIRP Irp Result)(Mem)) NTSTATUS(WSKAPI *PFN_WSK_GET_ADDRESS_INFO
Definition: wsk.h:426
#define _In_
Definition: ms_sal.h:308
#define SE_TIME_ZONE_PRIVILEGE
Definition: setypes.h:185
const LUID SeUnsolicitedInputPrivilege
Definition: priv.c:23
#define SE_UNDOCK_PRIVILEGE
Definition: security.c:679
#define SE_SHUTDOWN_PRIVILEGE
Definition: security.c:673
#define SE_PRIVILEGE_USED_FOR_ACCESS
Definition: setypes.h:65
$ULONG PrivilegeCount
Definition: setypes.h:86
NTSTATUS NTAPI SepSinglePrivilegeCheck(LUID PrivilegeValue, PTOKEN Token, KPROCESSOR_MODE PreviousMode)
Definition: priv.c:134
GLsizei GLenum const GLvoid GLsizei GLenum GLbyte GLbyte GLbyte GLdouble GLdouble GLdouble GLfloat GLfloat GLfloat GLint GLint GLint GLshort GLshort GLshort GLubyte GLubyte GLubyte GLuint GLuint GLuint GLushort GLushort GLushort GLbyte GLbyte GLbyte GLbyte GLdouble GLdouble GLdouble GLdouble GLfloat GLfloat GLfloat GLfloat GLint GLint GLint GLint GLshort GLshort GLshort GLshort GLubyte GLubyte GLubyte GLubyte GLuint GLuint GLuint GLuint GLushort GLushort GLushort GLushort GLboolean const GLdouble const GLfloat const GLint const GLshort const GLbyte const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLdouble const GLfloat const GLfloat const GLint const GLint const GLshort const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort GLenum GLenum GLenum GLfloat GLenum GLint GLenum GLenum GLenum GLfloat GLenum GLenum GLint GLenum GLfloat GLenum GLint GLint GLushort GLenum GLenum GLfloat GLenum GLenum GLint GLfloat const GLubyte GLenum GLenum GLenum const GLfloat GLenum GLenum const GLint GLenum GLint GLint GLsizei GLsizei GLint GLenum GLenum const GLvoid GLenum GLenum const GLfloat GLenum GLenum const GLint GLenum GLenum const GLdouble GLenum GLenum const GLfloat GLenum GLenum const GLint GLsizei GLuint GLfloat GLuint GLbitfield GLfloat GLint GLuint GLboolean GLenum GLfloat GLenum GLbitfield GLenum GLfloat GLfloat GLint GLint const GLfloat GLenum GLfloat GLfloat GLint GLint GLfloat GLfloat GLint GLint const GLfloat GLint GLfloat GLfloat GLint GLfloat GLfloat GLint GLfloat GLfloat const GLdouble const GLfloat const GLdouble const GLfloat GLint GLint GLint j
Definition: glfuncs.h:250
const LUID SeBackupPrivilege
Definition: priv.c:34
#define SE_CREATE_PAGEFILE_PRIVILEGE
Definition: security.c:669
Status
Definition: gdiplustypes.h:24
#define SE_INCREASE_QUOTA_PRIVILEGE
Definition: security.c:659
#define SE_CHANGE_NOTIFY_PRIVILEGE
Definition: security.c:677
const LUID SeIncreaseBasePriorityPrivilege
Definition: priv.c:31
#define SE_SECURITY_PRIVILEGE
Definition: security.c:662
_In_ KPROCESSOR_MODE PreviousMode
Definition: sefuncs.h:103
const LUID SeSecurityPrivilege
Definition: priv.c:25
#define TOKEN_QUERY
Definition: setypes.h:878
NTSTATUS NTAPI SePrivilegePolicyCheck(_Inout_ PACCESS_MASK DesiredAccess, _Inout_ PACCESS_MASK GrantedAccess, _In_ PSECURITY_SUBJECT_CONTEXT SubjectContext, _In_ PTOKEN Token, _Out_opt_ PPRIVILEGE_SET *OutPrivilegeSet, _In_ KPROCESSOR_MODE PreviousMode)
Definition: priv.c:154
#define ASSERT(a)
Definition: mode.c:44
BOOLEAN NTAPI SepPrivilegeCheck(PTOKEN Token, PLUID_AND_ATTRIBUTES Privileges, ULONG PrivilegeCount, ULONG PrivilegeControl, KPROCESSOR_MODE PreviousMode)
Definition: priv.c:68
#define NT_SUCCESS(StatCode)
Definition: apphelp.c:32
const LUID SeSystemProfilePrivilege
Definition: priv.c:28
VOID NTAPI SePrivilegedServiceAuditAlarm(_In_opt_ PUNICODE_STRING ServiceName, _In_ PSECURITY_SUBJECT_CONTEXT SubjectContext, _In_ PPRIVILEGE_SET PrivilegeSet, _In_ BOOLEAN AccessGranted)
Definition: audit.c:214
#define TAG_LUID
Definition: tag.h:178
INT POOL_TYPE
Definition: typedefs.h:78
_In_ WDFCOLLECTION _In_ ULONG Index
#define EXCEPTION_EXECUTE_HANDLER
Definition: excpt.h:85
#define ObDereferenceObject
Definition: obfuncs.h:203
_In_ ACCESS_MASK AccessMask
Definition: exfuncs.h:186
#define SE_REMOTE_SHUTDOWN_PRIVILEGE
Definition: security.c:678
#define ProbeForWriteBoolean(Ptr)
Definition: probe.h:31
BOOL Privilege(LPTSTR pszPrivilege, BOOL bEnable)
Definition: user_lib.cpp:531
CCHAR KPROCESSOR_MODE
Definition: ketypes.h:7
const LUID SeAssignPrimaryTokenPrivilege
Definition: priv.c:20
const LUID SeChangeNotifyPrivilege
Definition: priv.c:40
_In_ PSECURITY_SUBJECT_CONTEXT _In_ BOOLEAN _In_ ACCESS_MASK _In_ ACCESS_MASK _Outptr_opt_ PPRIVILEGE_SET * Privileges
Definition: sefuncs.h:13
#define CONST_LUID(x1, x2)
Definition: priv.c:18
_In_opt_ PVOID _In_opt_ PUNICODE_STRING _In_ PSECURITY_DESCRIPTOR _In_ PACCESS_STATE AccessState
Definition: sefuncs.h:414
const LUID SeSystemtimePrivilege
Definition: priv.c:29
#define ExAllocatePoolWithTag(hernya, size, tag)
Definition: env_spec_w32.h:350
const LUID SeCreateSymbolicLinkPrivilege
Definition: priv.c:52
BOOLEAN NTAPI SeCheckAuditPrivilege(_In_ PSECURITY_SUBJECT_CONTEXT SubjectContext, _In_ KPROCESSOR_MODE PreviousMode)
Definition: priv.c:253
char * PBOOLEAN
Definition: retypes.h:11
VOID NTAPI ProbeForRead(IN CONST VOID *Address, IN SIZE_T Length, IN ULONG Alignment)
Definition: exintrin.c:102
const LUID SeCreateGlobalPrivilege
Definition: priv.c:47
#define SepReleaseTokenLock(Token)
Definition: se.h:227
const LUID SeLockMemoryPrivilege
Definition: priv.c:21
const LUID SeIncreaseQuotaPrivilege
Definition: priv.c:22
#define SE_INC_BASE_PRIORITY_PRIVILEGE
Definition: security.c:668
const LUID SeUndockPrivilege
Definition: priv.c:42
BOOLEAN NTAPI SePrivilegeCheck(PPRIVILEGE_SET Privileges, PSECURITY_SUBJECT_CONTEXT SubjectContext, KPROCESSOR_MODE PreviousMode)
Definition: priv.c:487
#define SE_ENABLE_DELEGATION_PRIVILEGE
Definition: security.c:681
const LUID SeIncreaseWorkingSetPrivilege
Definition: priv.c:50
const LUID SeDebugPrivilege
Definition: priv.c:37
ULONG_PTR SIZE_T
Definition: typedefs.h:80
#define SE_IMPERSONATE_PRIVILEGE
Definition: security.c:683
_SEH2_END
Definition: create.c:4400
#define SE_MANAGE_VOLUME_PRIVILEGE
Definition: security.c:682
const LUID SeCreateTokenPrivilege
Definition: priv.c:19
VOID NTAPI SeFreePrivileges(IN PPRIVILEGE_SET Privileges)
Definition: priv.c:476
GLsizei GLenum const GLvoid GLsizei GLenum GLbyte GLbyte GLbyte GLdouble GLdouble GLdouble GLfloat GLfloat GLfloat GLint GLint GLint GLshort GLshort GLshort GLubyte GLubyte GLubyte GLuint GLuint GLuint GLushort GLushort GLushort GLbyte GLbyte GLbyte GLbyte GLdouble GLdouble GLdouble GLdouble GLfloat GLfloat GLfloat GLfloat GLint GLint GLint GLint GLshort GLshort GLshort GLshort GLubyte GLubyte GLubyte GLubyte GLuint GLuint GLuint GLuint GLushort GLushort GLushort GLushort GLboolean const GLdouble const GLfloat const GLint const GLshort const GLbyte const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLdouble const GLfloat const GLfloat const GLint const GLint const GLshort const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort GLenum GLenum GLenum GLfloat GLenum GLint GLenum GLenum GLenum GLfloat GLenum GLenum GLint GLenum GLfloat GLenum GLint GLint GLushort GLenum GLenum GLfloat GLenum GLenum GLint GLfloat const GLubyte GLenum GLenum GLenum const GLfloat GLenum GLenum const GLint GLenum GLint GLint GLsizei GLsizei GLint GLenum GLenum const GLvoid GLenum GLenum const GLfloat GLenum GLenum const GLint GLenum GLenum const GLdouble GLenum GLenum const GLfloat GLenum GLenum const GLint GLsizei GLuint GLfloat GLuint GLbitfield GLfloat GLint GLuint GLboolean GLenum GLfloat GLenum GLbitfield GLenum GLfloat GLfloat GLint GLint const GLfloat GLenum GLfloat GLfloat GLint GLint GLfloat GLfloat GLint GLint const GLfloat GLint GLfloat GLfloat GLint GLfloat GLfloat GLint GLfloat GLfloat const GLdouble const GLfloat const GLdouble const GLfloat GLint i
Definition: glfuncs.h:248
const LUID SeTakeOwnershipPrivilege
Definition: priv.c:26
VOID NTAPI SeReleaseLuidAndAttributesArray(PLUID_AND_ATTRIBUTES Privilege, KPROCESSOR_MODE PreviousMode, BOOLEAN CaptureIfKernel)
Definition: priv.c:383
#define FIELD_OFFSET(t, f)
Definition: typedefs.h:255
#define _Out_opt_
Definition: ms_sal.h:346
#define SE_SYSTEM_PROFILE_PRIVILEGE
Definition: security.c:665
const LUID SeManageVolumePrivilege
Definition: priv.c:45
unsigned int * PULONG
Definition: retypes.h:1
#define NULL
Definition: types.h:112
#define INITIAL_PRIVILEGE_COUNT
Definition: setypes.h:144
#define SE_PROF_SINGLE_PROCESS_PRIVILEGE
Definition: security.c:667
NTSTATUS NTAPI SeCaptureLuidAndAttributesArray(PLUID_AND_ATTRIBUTES Src, ULONG PrivilegeCount, KPROCESSOR_MODE PreviousMode, PLUID_AND_ATTRIBUTES AllocatedMem, ULONG AllocatedLength, POOL_TYPE PoolType, BOOLEAN CaptureIfKernel, PLUID_AND_ATTRIBUTES *Dest, PULONG Length)
Definition: priv.c:287
#define SepAcquireTokenLockShared(Token)
Definition: se.h:221
#define SE_SYSTEM_ENVIRONMENT_PRIVILEGE
Definition: security.c:676
LUID_AND_ATTRIBUTES Privilege[ANYSIZE_ARRAY]
Definition: setypes.h:88
VOID NTAPI SePrivilegeObjectAuditAlarm(IN HANDLE Handle, IN PSECURITY_SUBJECT_CONTEXT SubjectContext, IN ACCESS_MASK DesiredAccess, IN PPRIVILEGE_SET Privileges, IN BOOLEAN AccessGranted, IN KPROCESSOR_MODE CurrentMode)
Definition: audit.c:847
#define OUT
Definition: typedefs.h:40
_Must_inspect_result_ _In_ WDFDEVICE _In_ DEVICE_REGISTRY_PROPERTY _In_ _Strict_type_match_ POOL_TYPE PoolType
Definition: wdfdevice.h:3810
#define SE_ASSIGNPRIMARYTOKEN_PRIVILEGE
Definition: security.c:657
unsigned int ULONG
Definition: retypes.h:1
ACCESS_MASK * PACCESS_MASK
Definition: nt_native.h:41
#define SE_BACKUP_PRIVILEGE
Definition: security.c:671
#define RtlCopyMemory(Destination, Source, Length)
Definition: typedefs.h:263
const LUID SeEnableDelegationPrivilege
Definition: priv.c:44
#define _SEH2_EXCEPT(...)
Definition: pseh2_64.h:40
#define TAG_PRIVILEGE_SET
Definition: tag.h:180
#define STATUS_SUCCESS
Definition: shellext.h:65
#define _SEH2_GetExceptionCode()
Definition: pseh2_64.h:165
#define _SEH2_YIELD(__stmt)
Definition: pseh2_64.h:168
const LUID SeRelabelPrivilege
Definition: priv.c:49
struct _MEMORY_AREA struct _MM_REQUIRED_RESOURCES * Required
Definition: newmm.h:38
#define DPRINT
Definition: sndvol32.h:71
const LUID SeSystemEnvironmentPrivilege
Definition: priv.c:39
_In_ PSECURITY_SUBJECT_CONTEXT _In_ BOOLEAN _In_ ACCESS_MASK _In_ ACCESS_MASK _Outptr_opt_ PPRIVILEGE_SET _In_ PGENERIC_MAPPING _In_ KPROCESSOR_MODE _Out_ PACCESS_MASK GrantedAccess
Definition: sefuncs.h:13
#define ExFreePoolWithTag(_P, _T)
Definition: module.h:1099
VOID NTAPI SepInitPrivileges(VOID)
Definition: priv.c:60
#define SE_AUDIT_PRIVILEGE
Definition: security.c:675
static CODE_SEG("PAGE")
Definition: isapnp.c:1482
ULONG ACCESS_MASK
Definition: nt_native.h:40
#define BufferSize
Definition: mmc.h:75
_In_ WDFMEMORY _Out_opt_ size_t * BufferSize
Definition: wdfmemory.h:251
const LUID SeTrustedCredmanPrivilege
Definition: priv.c:48
#define PAGED_CODE()