ReactOS  0.4.15-dev-4570-g4f8bbd1
priv.c
Go to the documentation of this file.
1 /*
2  * PROJECT: ReactOS Kernel
3  * LICENSE: GPL-2.0-or-later (https://spdx.org/licenses/GPL-2.0-or-later)
4  * PURPOSE: Security privileges support
5  * COPYRIGHT: Copyright Alex Ionescu <alex@relsoft.net>
6  * Copyright Timo Kreuzer <timo.kreuzer@reactos.org>
7  * Copyright Eric Kohl
8  */
9 
10 /* INCLUDES ******************************************************************/
11 
12 #include <ntoskrnl.h>
13 #define NDEBUG
14 #include <debug.h>
15 
16 /* GLOBALS ********************************************************************/
17 
18 #define SE_MAXIMUM_PRIVILEGE_LIMIT 0x3C
19 
20 #define CONST_LUID(x1, x2) {x1, x2}
21 const LUID SeCreateTokenPrivilege = CONST_LUID(SE_CREATE_TOKEN_PRIVILEGE, 0);
22 const LUID SeAssignPrimaryTokenPrivilege = CONST_LUID(SE_ASSIGNPRIMARYTOKEN_PRIVILEGE, 0);
23 const LUID SeLockMemoryPrivilege = CONST_LUID(SE_LOCK_MEMORY_PRIVILEGE, 0);
24 const LUID SeIncreaseQuotaPrivilege = CONST_LUID(SE_INCREASE_QUOTA_PRIVILEGE, 0);
25 const LUID SeUnsolicitedInputPrivilege = CONST_LUID(6, 0);
26 const LUID SeTcbPrivilege = CONST_LUID(SE_TCB_PRIVILEGE, 0);
27 const LUID SeSecurityPrivilege = CONST_LUID(SE_SECURITY_PRIVILEGE, 0);
28 const LUID SeTakeOwnershipPrivilege = CONST_LUID(SE_TAKE_OWNERSHIP_PRIVILEGE, 0);
29 const LUID SeLoadDriverPrivilege = CONST_LUID(SE_LOAD_DRIVER_PRIVILEGE, 0);
30 const LUID SeSystemProfilePrivilege = CONST_LUID(SE_SYSTEM_PROFILE_PRIVILEGE, 0);
31 const LUID SeSystemtimePrivilege = CONST_LUID(SE_SYSTEMTIME_PRIVILEGE, 0);
32 const LUID SeProfileSingleProcessPrivilege = CONST_LUID(SE_PROF_SINGLE_PROCESS_PRIVILEGE, 0);
33 const LUID SeIncreaseBasePriorityPrivilege = CONST_LUID(SE_INC_BASE_PRIORITY_PRIVILEGE, 0);
34 const LUID SeCreatePagefilePrivilege = CONST_LUID(SE_CREATE_PAGEFILE_PRIVILEGE, 0);
35 const LUID SeCreatePermanentPrivilege = CONST_LUID(SE_CREATE_PERMANENT_PRIVILEGE, 0);
36 const LUID SeBackupPrivilege = CONST_LUID(SE_BACKUP_PRIVILEGE, 0);
37 const LUID SeRestorePrivilege = CONST_LUID(SE_RESTORE_PRIVILEGE, 0);
38 const LUID SeShutdownPrivilege = CONST_LUID(SE_SHUTDOWN_PRIVILEGE, 0);
39 const LUID SeDebugPrivilege = CONST_LUID(SE_DEBUG_PRIVILEGE, 0);
40 const LUID SeAuditPrivilege = CONST_LUID(SE_AUDIT_PRIVILEGE, 0);
41 const LUID SeSystemEnvironmentPrivilege = CONST_LUID(SE_SYSTEM_ENVIRONMENT_PRIVILEGE, 0);
42 const LUID SeChangeNotifyPrivilege = CONST_LUID(SE_CHANGE_NOTIFY_PRIVILEGE, 0);
43 const LUID SeRemoteShutdownPrivilege = CONST_LUID(SE_REMOTE_SHUTDOWN_PRIVILEGE, 0);
44 const LUID SeUndockPrivilege = CONST_LUID(SE_UNDOCK_PRIVILEGE, 0);
45 const LUID SeSyncAgentPrivilege = CONST_LUID(SE_SYNC_AGENT_PRIVILEGE, 0);
46 const LUID SeEnableDelegationPrivilege = CONST_LUID(SE_ENABLE_DELEGATION_PRIVILEGE, 0);
47 const LUID SeManageVolumePrivilege = CONST_LUID(SE_MANAGE_VOLUME_PRIVILEGE, 0);
48 const LUID SeImpersonatePrivilege = CONST_LUID(SE_IMPERSONATE_PRIVILEGE, 0);
49 const LUID SeCreateGlobalPrivilege = CONST_LUID(SE_CREATE_GLOBAL_PRIVILEGE, 0);
50 const LUID SeTrustedCredmanPrivilege = CONST_LUID(SE_TRUSTED_CREDMAN_ACCESS_PRIVILEGE, 0);
51 const LUID SeRelabelPrivilege = CONST_LUID(SE_RELABEL_PRIVILEGE, 0);
52 const LUID SeIncreaseWorkingSetPrivilege = CONST_LUID(SE_INC_WORKING_SET_PRIVILEGE, 0);
53 const LUID SeTimeZonePrivilege = CONST_LUID(SE_TIME_ZONE_PRIVILEGE, 0);
54 const LUID SeCreateSymbolicLinkPrivilege = CONST_LUID(SE_CREATE_SYMBOLIC_LINK_PRIVILEGE, 0);
55 
56 
57 /* PRIVATE FUNCTIONS **********************************************************/
58 
68 CODE_SEG("INIT")
69 VOID
70 NTAPI
71 SepInitPrivileges(VOID)
72 {
73 
74 }
75 
102 BOOLEAN
103 NTAPI
104 SepPrivilegeCheck(
105  _In_ PTOKEN Token,
106  _In_ PLUID_AND_ATTRIBUTES Privileges,
107  _In_ ULONG PrivilegeCount,
108  _In_ ULONG PrivilegeControl,
109  _In_ KPROCESSOR_MODE PreviousMode)
110 {
111  ULONG i;
112  ULONG j;
113  ULONG Required;
114 
115  DPRINT("SepPrivilegeCheck() called\n");
116 
117  PAGED_CODE();
118 
119  if (PreviousMode == KernelMode)
120  return TRUE;
121 
122  /* Get the number of privileges that are required to match */
123  Required = (PrivilegeControl & PRIVILEGE_SET_ALL_NECESSARY) ? PrivilegeCount : 1;
124 
125  /* Acquire a shared token lock */
126  SepAcquireTokenLockShared(Token);
127 
128  /* Loop all requested privileges until we found the required ones */
129  for (i = 0; i < PrivilegeCount; i++)
130  {
131  /* Loop the privileges of the token */
132  for (j = 0; j < Token->PrivilegeCount; j++)
133  {
134  /* Check if the LUIDs match */
135  if (RtlEqualLuid(&Token->Privileges[j].Luid, &Privileges[i].Luid))
136  {
137  DPRINT("Found privilege. Attributes: %lx\n",
138  Token->Privileges[j].Attributes);
139 
140  /* Check if the privilege is enabled */
141  if (Token->Privileges[j].Attributes & SE_PRIVILEGE_ENABLED)
142  {
143  Privileges[i].Attributes |= SE_PRIVILEGE_USED_FOR_ACCESS;
144  Required--;
145 
146  /* Check if we have found all privileges */
147  if (Required == 0)
148  {
149  /* We're done! */
150  SepReleaseTokenLock(Token);
151  return TRUE;
152  }
153  }
154 
155  /* Leave the inner loop */
156  break;
157  }
158  }
159  }
160 
161  /* Release the token lock */
162  SepReleaseTokenLock(Token);
163 
164  /* When we reached this point, we did not find all privileges */
165  ASSERT(Required > 0);
166  return FALSE;
167 }
168 
188 BOOLEAN
189 NTAPI
190 SepSinglePrivilegeCheck(
191  _In_ LUID PrivilegeValue,
192  _In_ PTOKEN Token,
193  _In_ KPROCESSOR_MODE PreviousMode)
194 {
195  LUID_AND_ATTRIBUTES Privilege;
196  PAGED_CODE();
197  ASSERT(!RtlEqualLuid(&PrivilegeValue, &SeTcbPrivilege));
198 
199  Privilege.Luid = PrivilegeValue;
200  Privilege.Attributes = SE_PRIVILEGE_ENABLED;
201  return SepPrivilegeCheck(Token,
202  &Privilege,
203  1,
204  PRIVILEGE_SET_ALL_NECESSARY,
205  PreviousMode);
206 }
207 
242 NTSTATUS
243 NTAPI
244 SePrivilegePolicyCheck(
245  _Inout_ PACCESS_MASK DesiredAccess,
246  _Inout_ PACCESS_MASK GrantedAccess,
247  _In_ PSECURITY_SUBJECT_CONTEXT SubjectContext,
248  _In_ PTOKEN Token,
249  _Out_opt_ PPRIVILEGE_SET *OutPrivilegeSet,
250  _In_ KPROCESSOR_MODE PreviousMode)
251 {
252  SIZE_T PrivilegeSize;
253  PPRIVILEGE_SET PrivilegeSet;
254  ULONG PrivilegeCount = 0, Index = 0;
255  ACCESS_MASK AccessMask = 0;
256  PAGED_CODE();
257 
258  /* Check if we have a security subject context */
259  if (SubjectContext != NULL)
260  {
261  /* Check if there is a client impersonation token */
262  if (SubjectContext->ClientToken != NULL)
263  Token = SubjectContext->ClientToken;
264  else
265  Token = SubjectContext->PrimaryToken;
266  }
267 
268  /* Check if the caller wants ACCESS_SYSTEM_SECURITY access */
269  if (*DesiredAccess & ACCESS_SYSTEM_SECURITY)
270  {
271  /* Do the privilege check */
272  if (SepSinglePrivilegeCheck(SeSecurityPrivilege, Token, PreviousMode))
273  {
274  /* Remember this access flag */
275  AccessMask |= ACCESS_SYSTEM_SECURITY;
276  PrivilegeCount++;
277  }
278  else
279  {
280  return STATUS_PRIVILEGE_NOT_HELD;
281  }
282  }
283 
284  /* Check if the caller wants WRITE_OWNER access */
285  if (*DesiredAccess & WRITE_OWNER)
286  {
287  /* Do the privilege check */
288  if (SepSinglePrivilegeCheck(SeTakeOwnershipPrivilege, Token, PreviousMode))
289  {
290  /* Remember this access flag */
291  AccessMask |= WRITE_OWNER;
292  PrivilegeCount++;
293  }
294  }
295 
296  /* Update the access masks */
297  *GrantedAccess |= AccessMask;
298  *DesiredAccess &= ~AccessMask;
299 
300  /* Does the caller want a privilege set? */
301  if (OutPrivilegeSet != NULL)
302  {
303  /* Do we have any privileges to report? */
304  if (PrivilegeCount > 0)
305  {
306  /* Calculate size and allocate the structure */
307  PrivilegeSize = FIELD_OFFSET(PRIVILEGE_SET, Privilege[PrivilegeCount]);
308  PrivilegeSet = ExAllocatePoolWithTag(PagedPool, PrivilegeSize, TAG_PRIVILEGE_SET);
309  *OutPrivilegeSet = PrivilegeSet;
310  if (PrivilegeSet == NULL)
311  {
312  return STATUS_INSUFFICIENT_RESOURCES;
313  }
314 
315  PrivilegeSet->PrivilegeCount = PrivilegeCount;
316  PrivilegeSet->Control = 0;
317 
318  if (AccessMask & WRITE_OWNER)
319  {
320  PrivilegeSet->Privilege[Index].Luid = SeTakeOwnershipPrivilege;
321  PrivilegeSet->Privilege[Index].Attributes = SE_PRIVILEGE_USED_FOR_ACCESS;
322  Index++;
323  }
324 
325  if (AccessMask & ACCESS_SYSTEM_SECURITY)
326  {
327  PrivilegeSet->Privilege[Index].Luid = SeSecurityPrivilege;
328  PrivilegeSet->Privilege[Index].Attributes = SE_PRIVILEGE_USED_FOR_ACCESS;
329  }
330  }
331  else
332  {
333  /* No privileges, no structure */
334  *OutPrivilegeSet = NULL;
335  }
336  }
337 
338  return STATUS_SUCCESS;
339 }
340 
358 BOOLEAN
359 NTAPI
360 SeCheckAuditPrivilege(
361  _In_ PSECURITY_SUBJECT_CONTEXT SubjectContext,
362  _In_ KPROCESSOR_MODE PreviousMode)
363 {
364  PRIVILEGE_SET PrivilegeSet;
365  BOOLEAN Result;
366  PAGED_CODE();
367 
368  /* Initialize the privilege set with the single privilege */
369  PrivilegeSet.PrivilegeCount = 1;
370  PrivilegeSet.Control = PRIVILEGE_SET_ALL_NECESSARY;
371  PrivilegeSet.Privilege[0].Luid = SeAuditPrivilege;
372  PrivilegeSet.Privilege[0].Attributes = 0;
373 
374  /* Check against the primary token! */
375  Result = SepPrivilegeCheck(SubjectContext->PrimaryToken,
376  &PrivilegeSet.Privilege[0],
377  1,
378  PRIVILEGE_SET_ALL_NECESSARY,
379  PreviousMode);
380 
381  if (PreviousMode != KernelMode)
382  {
383  SePrivilegedServiceAuditAlarm(NULL,
384  SubjectContext,
385  &PrivilegeSet,
386  Result);
387  }
388 
389  return Result;
390 }
391 
436 NTSTATUS
437 NTAPI
438 SeCaptureLuidAndAttributesArray(
439  _In_ PLUID_AND_ATTRIBUTES Src,
440  _In_ ULONG PrivilegeCount,
441  _In_ KPROCESSOR_MODE PreviousMode,
442  _In_opt_ PLUID_AND_ATTRIBUTES AllocatedMem,
443  _In_opt_ ULONG AllocatedLength,
444  _In_ POOL_TYPE PoolType,
445  _In_ BOOLEAN CaptureIfKernel,
446  _Out_ PLUID_AND_ATTRIBUTES *Dest,
447  _Inout_ PULONG Length)
448 {
449  ULONG BufferSize;
450  NTSTATUS Status = STATUS_SUCCESS;
451 
452  PAGED_CODE();
453 
454  if (PrivilegeCount == 0)
455  {
456  *Dest = 0;
457  *Length = 0;
458  return STATUS_SUCCESS;
459  }
460 
461  if (PrivilegeCount > SE_MAXIMUM_PRIVILEGE_LIMIT)
462  {
463  return STATUS_INVALID_PARAMETER;
464  }
465 
466  if (PreviousMode == KernelMode && !CaptureIfKernel)
467  {
468  *Dest = Src;
469  return STATUS_SUCCESS;
470  }
471 
472  BufferSize = PrivilegeCount * sizeof(LUID_AND_ATTRIBUTES);
473  *Length = ROUND_UP(BufferSize, 4); /* round up to a 4 byte alignment */
474 
475  /* probe the buffer */
476  if (PreviousMode != KernelMode)
477  {
478  _SEH2_TRY
479  {
480  ProbeForRead(Src,
481  BufferSize,
482  sizeof(ULONG));
483  }
484  _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
485  {
486  /* Return the exception code */
487  _SEH2_YIELD(return _SEH2_GetExceptionCode());
488  }
489  _SEH2_END;
490  }
491 
492  /* allocate enough memory or check if the provided buffer is
493  large enough to hold the array */
494  if (AllocatedMem != NULL)
495  {
496  if (AllocatedLength < BufferSize)
497  {
498  return STATUS_BUFFER_TOO_SMALL;
499  }
500 
501  *Dest = AllocatedMem;
502  }
503  else
504  {
505  *Dest = ExAllocatePoolWithTag(PoolType,
506  BufferSize,
507  TAG_LUID);
508  if (*Dest == NULL)
509  {
510  return STATUS_INSUFFICIENT_RESOURCES;
511  }
512  }
513 
514  /* copy the array to the buffer */
515  _SEH2_TRY
516  {
517  RtlCopyMemory(*Dest,
518  Src,
519  BufferSize);
520  }
521  _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
522  {
523  Status = _SEH2_GetExceptionCode();
524  }
525  _SEH2_END;
526 
527  if (!NT_SUCCESS(Status) && AllocatedMem == NULL)
528  {
529  ExFreePoolWithTag(*Dest, TAG_LUID);
530  }
531 
532  return Status;
533 }
534 
552 VOID
553 NTAPI
554 SeReleaseLuidAndAttributesArray(
555  _In_ PLUID_AND_ATTRIBUTES Privilege,
556  _In_ KPROCESSOR_MODE PreviousMode,
557  _In_ BOOLEAN CaptureIfKernel)
558 {
559  PAGED_CODE();
560 
561  if (Privilege != NULL &&
562  (PreviousMode != KernelMode || CaptureIfKernel))
563  {
564  ExFreePoolWithTag(Privilege, TAG_LUID);
565  }
566 }
567 
568 /* PUBLIC FUNCTIONS ***********************************************************/
569 
586 NTSTATUS
587 NTAPI
588 SeAppendPrivileges(
589  _Inout_ PACCESS_STATE AccessState,
590  _In_ PPRIVILEGE_SET Privileges)
591 {
592  PAUX_ACCESS_DATA AuxData;
593  ULONG OldPrivilegeSetSize;
594  ULONG NewPrivilegeSetSize;
595  PPRIVILEGE_SET PrivilegeSet;
596 
597  PAGED_CODE();
598 
599  /* Get the Auxiliary Data */
600  AuxData = AccessState->AuxData;
601 
602  /* Calculate the size of the old privilege set */
603  OldPrivilegeSetSize = sizeof(PRIVILEGE_SET) +
604  (AuxData->PrivilegeSet->PrivilegeCount - 1) * sizeof(LUID_AND_ATTRIBUTES);
605 
606  if (AuxData->PrivilegeSet->PrivilegeCount +
607  Privileges->PrivilegeCount > INITIAL_PRIVILEGE_COUNT)
608  {
609  /* Calculate the size of the new privilege set */
610  NewPrivilegeSetSize = OldPrivilegeSetSize +
611  Privileges->PrivilegeCount * sizeof(LUID_AND_ATTRIBUTES);
612 
613  /* Allocate a new privilege set */
614  PrivilegeSet = ExAllocatePoolWithTag(PagedPool,
615  NewPrivilegeSetSize,
616  TAG_PRIVILEGE_SET);
617  if (PrivilegeSet == NULL)
618  return STATUS_INSUFFICIENT_RESOURCES;
619 
620  /* Copy original privileges from the acess state */
621  RtlCopyMemory(PrivilegeSet,
622  AuxData->PrivilegeSet,
623  OldPrivilegeSetSize);
624 
625  /* Append privileges from the privilege set*/
626  RtlCopyMemory((PVOID)((ULONG_PTR)PrivilegeSet + OldPrivilegeSetSize),
627  (PVOID)((ULONG_PTR)Privileges + sizeof(PRIVILEGE_SET) - sizeof(LUID_AND_ATTRIBUTES)),
628  Privileges->PrivilegeCount * sizeof(LUID_AND_ATTRIBUTES));
629 
630  /* Adjust the number of privileges in the new privilege set */
631  PrivilegeSet->PrivilegeCount += Privileges->PrivilegeCount;
632 
633  /* Free the old privilege set if it was allocated */
634  if (AccessState->PrivilegesAllocated != FALSE)
635  ExFreePoolWithTag(AuxData->PrivilegeSet, TAG_PRIVILEGE_SET);
636 
637  /* Now we are using an allocated privilege set */
638  AccessState->PrivilegesAllocated = TRUE;
639 
640  /* Assign the new privileges to the access state */
641  AuxData->PrivilegeSet = PrivilegeSet;
642  }
643  else
644  {
645  /* Append privileges */
646  RtlCopyMemory((PVOID)((ULONG_PTR)AuxData->PrivilegeSet + OldPrivilegeSetSize),
647  (PVOID)((ULONG_PTR)Privileges + sizeof(PRIVILEGE_SET) - sizeof(LUID_AND_ATTRIBUTES)),
648  Privileges->PrivilegeCount * sizeof(LUID_AND_ATTRIBUTES));
649 
650  /* Adjust the number of privileges in the target privilege set */
651  AuxData->PrivilegeSet->PrivilegeCount += Privileges->PrivilegeCount;
652  }
653 
654  return STATUS_SUCCESS;
655 }
656 
667 VOID
668 NTAPI
669 SeFreePrivileges(
670  _In_ PPRIVILEGE_SET Privileges)
671 {
672  PAGED_CODE();
673  ExFreePoolWithTag(Privileges, TAG_PRIVILEGE_SET);
674 }
675 
696 BOOLEAN
697 NTAPI
698 SePrivilegeCheck(
699  _In_ PPRIVILEGE_SET Privileges,
700  _In_ PSECURITY_SUBJECT_CONTEXT SubjectContext,
701  _In_ KPROCESSOR_MODE PreviousMode)
702 {
703  PACCESS_TOKEN Token = NULL;
704 
705  PAGED_CODE();
706 
707  if (SubjectContext->ClientToken == NULL)
708  {
709  Token = SubjectContext->PrimaryToken;
710  }
711  else
712  {
713  Token = SubjectContext->ClientToken;
714  if (SubjectContext->ImpersonationLevel < 2)
715  {
716  return FALSE;
717  }
718  }
719 
720  return SepPrivilegeCheck(Token,
721  Privileges->Privilege,
722  Privileges->PrivilegeCount,
723  Privileges->Control,
724  PreviousMode);
725 }
726 
742 BOOLEAN
743 NTAPI
744 SeSinglePrivilegeCheck(
745  _In_ LUID PrivilegeValue,
746  _In_ KPROCESSOR_MODE PreviousMode)
747 {
748  SECURITY_SUBJECT_CONTEXT SubjectContext;
749  PRIVILEGE_SET Priv;
750  BOOLEAN Result;
751 
752  PAGED_CODE();
753 
754  SeCaptureSubjectContext(&SubjectContext);
755 
756  Priv.PrivilegeCount = 1;
757  Priv.Control = PRIVILEGE_SET_ALL_NECESSARY;
758  Priv.Privilege[0].Luid = PrivilegeValue;
759  Priv.Privilege[0].Attributes = SE_PRIVILEGE_ENABLED;
760 
761  Result = SePrivilegeCheck(&Priv,
762  &SubjectContext,
763  PreviousMode);
764 
765  if (PreviousMode != KernelMode)
766  {
767  SePrivilegedServiceAuditAlarm(NULL,
768  &SubjectContext,
769  &Priv,
770  Result);
771 
772  }
773 
774  SeReleaseSubjectContext(&SubjectContext);
775 
776  return Result;
777 }
778 
801 BOOLEAN
802 NTAPI
803 SeCheckPrivilegedObject(
804  _In_ LUID PrivilegeValue,
805  _In_ HANDLE ObjectHandle,
806  _In_ ACCESS_MASK DesiredAccess,
807  _In_ KPROCESSOR_MODE PreviousMode)
808 {
809  SECURITY_SUBJECT_CONTEXT SubjectContext;
810  PRIVILEGE_SET Priv;
811  BOOLEAN Result;
812 
813  PAGED_CODE();
814 
815  SeCaptureSubjectContext(&SubjectContext);
816 
817  Priv.PrivilegeCount = 1;
818  Priv.Control = PRIVILEGE_SET_ALL_NECESSARY;
819  Priv.Privilege[0].Luid = PrivilegeValue;
820  Priv.Privilege[0].Attributes = SE_PRIVILEGE_ENABLED;
821 
822  Result = SePrivilegeCheck(&Priv, &SubjectContext, PreviousMode);
823  if (PreviousMode != KernelMode)
824  {
825 #if 0
826  SePrivilegeObjectAuditAlarm(ObjectHandle,
827  &SubjectContext,
828  DesiredAccess,
829  &PrivilegeValue,
830  Result,
831  PreviousMode);
832 #endif
833  }
834 
835  SeReleaseSubjectContext(&SubjectContext);
836 
837  return Result;
838 }
839 
840 /* SYSTEM CALLS ***************************************************************/
841 
866 NTSTATUS
867 NTAPI
868 NtPrivilegeCheck(
869  _In_ HANDLE ClientToken,
870  _In_ PPRIVILEGE_SET RequiredPrivileges,
871  _Out_ PBOOLEAN Result)
872 {
873  PLUID_AND_ATTRIBUTES Privileges;
874  PTOKEN Token;
875  ULONG PrivilegeCount = 0;
876  ULONG PrivilegeControl = 0;
877  ULONG Length;
878  BOOLEAN CheckResult;
879  KPROCESSOR_MODE PreviousMode;
880  NTSTATUS Status;
881 
882  PAGED_CODE();
883 
884  PreviousMode = KeGetPreviousMode();
885 
886  /* probe the buffers */
887  if (PreviousMode != KernelMode)
888  {
889  _SEH2_TRY
890  {
891  ProbeForWrite(RequiredPrivileges,
892  FIELD_OFFSET(PRIVILEGE_SET,
893  Privilege),
894  sizeof(ULONG));
895 
896  PrivilegeCount = RequiredPrivileges->PrivilegeCount;
897  PrivilegeControl = RequiredPrivileges->Control;
898 
899  /* Check PrivilegeCount to avoid an integer overflow! */
900  if (FIELD_OFFSET(PRIVILEGE_SET,
901  Privilege[PrivilegeCount]) /
902  sizeof(RequiredPrivileges->Privilege[0]) != PrivilegeCount)
903  {
904  _SEH2_YIELD(return STATUS_INVALID_PARAMETER);
905  }
906 
907  /* probe all of the array */
908  ProbeForWrite(RequiredPrivileges,
909  FIELD_OFFSET(PRIVILEGE_SET,
910  Privilege[PrivilegeCount]),
911  sizeof(ULONG));
912 
913  ProbeForWriteBoolean(Result);
914  }
915  _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
916  {
917  /* Return the exception code */
918  _SEH2_YIELD(return _SEH2_GetExceptionCode());
919  }
920  _SEH2_END;
921  }
922  else
923  {
924  PrivilegeCount = RequiredPrivileges->PrivilegeCount;
925  PrivilegeControl = RequiredPrivileges->Control;
926  }
927 
928  /* reference the token and make sure we're
929  not doing an anonymous impersonation */
930  Status = ObReferenceObjectByHandle(ClientToken,
931  TOKEN_QUERY,
932  SeTokenObjectType,
933  PreviousMode,
934  (PVOID*)&Token,
935  NULL);
936  if (!NT_SUCCESS(Status))
937  {
938  return Status;
939  }
940 
941  if (Token->TokenType == TokenImpersonation &&
942  Token->ImpersonationLevel < SecurityIdentification)
943  {
944  ObDereferenceObject(Token);
945  return STATUS_BAD_IMPERSONATION_LEVEL;
946  }
947 
948  /* capture the privileges */
949  Status = SeCaptureLuidAndAttributesArray(RequiredPrivileges->Privilege,
950  PrivilegeCount,
951  PreviousMode,
952  NULL,
953  0,
954  PagedPool,
955  TRUE,
956  &Privileges,
957  &Length);
958  if (!NT_SUCCESS(Status))
959  {
960  ObDereferenceObject (Token);
961  return Status;
962  }
963 
964  CheckResult = SepPrivilegeCheck(Token,
965  Privileges,
966  PrivilegeCount,
967  PrivilegeControl,
968  PreviousMode);
969 
970  ObDereferenceObject(Token);
971 
972  /* return the array */
973  _SEH2_TRY
974  {
975  RtlCopyMemory(RequiredPrivileges->Privilege,
976  Privileges,
977  PrivilegeCount * sizeof(LUID_AND_ATTRIBUTES));
978  *Result = CheckResult;
979  Status = STATUS_SUCCESS;
980  }
981  _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
982  {
983  Status = _SEH2_GetExceptionCode();
984  }
985  _SEH2_END;
986 
987  SeReleaseLuidAndAttributesArray(Privileges,
988  PreviousMode,
989  TRUE);
990 
991  return Status;
992 }
993 
994 /* EOF */
SE_CREATE_PERMANENT_PRIVILEGE
#define SE_CREATE_PERMANENT_PRIVILEGE
Definition: security.c:670
_AUX_ACCESS_DATA::PrivilegeSet
PPRIVILEGE_SET PrivilegeSet
Definition: setypes.h:258
_LUID_AND_ATTRIBUTES
Definition: setypes.h:73
SeLoadDriverPrivilege
const LUID SeLoadDriverPrivilege
Definition: priv.c:29
SeSyncAgentPrivilege
const LUID SeSyncAgentPrivilege
Definition: priv.c:45
STATUS_PRIVILEGE_NOT_HELD
#define STATUS_PRIVILEGE_NOT_HELD
Definition: DriverTester.h:9
SubjectContext
_Inout_ PLIST_ENTRY _In_ PVOID _In_ PSTRING _In_ BOOLEAN _In_ BOOLEAN _In_ ULONG _In_ PFLT_CALLBACK_DATA _In_opt_ PCHECK_FOR_TRAVERSE_ACCESS _In_opt_ PSECURITY_SUBJECT_CONTEXT SubjectContext
Definition: fltkernel.h:2238
DesiredAccess
_Must_inspect_result_ _In_ WDFDEVICE _In_ ULONG _In_ ACCESS_MASK DesiredAccess
Definition: wdfdevice.h:2654
STATUS_BAD_IMPERSONATION_LEVEL
#define STATUS_BAD_IMPERSONATION_LEVEL
Definition: ntstatus.h:401
SeCreatePagefilePrivilege
const LUID SeCreatePagefilePrivilege
Definition: priv.c:34
STATUS_INSUFFICIENT_RESOURCES
#define STATUS_INSUFFICIENT_RESOURCES
Definition: udferr_usr.h:158
Length
_In_ ULONG _In_ ULONG _In_ ULONG Length
Definition: ntddpcm.h:101
SeTimeZonePrivilege
const LUID SeTimeZonePrivilege
Definition: priv.c:53
SE_INC_WORKING_SET_PRIVILEGE
#define SE_INC_WORKING_SET_PRIVILEGE
Definition: setypes.h:212
ROUND_UP
#define ROUND_UP(n, align)
Definition: eventvwr.h:31
_In_opt_
#define _In_opt_
Definition: ms_sal.h:309
PRIVILEGE_SET
struct _PRIVILEGE_SET PRIVILEGE_SET
_Inout_
#define _Inout_
Definition: ms_sal.h:378
ACCESS_SYSTEM_SECURITY
#define ACCESS_SYSTEM_SECURITY
Definition: nt_native.h:77
SE_CREATE_TOKEN_PRIVILEGE
#define SE_CREATE_TOKEN_PRIVILEGE
Definition: security.c:656
_Out_
#define _Out_
Definition: ms_sal.h:345
SE_CREATE_SYMBOLIC_LINK_PRIVILEGE
#define SE_CREATE_SYMBOLIC_LINK_PRIVILEGE
Definition: setypes.h:214
SE_LOCK_MEMORY_PRIVILEGE
#define SE_LOCK_MEMORY_PRIVILEGE
Definition: security.c:658
TRUE
#define TRUE
Definition: types.h:120
STATUS_INVALID_PARAMETER
#define STATUS_INVALID_PARAMETER
Definition: udferr_usr.h:135
SeRestorePrivilege
const LUID SeRestorePrivilege
Definition: priv.c:37
SeCheckPrivilegedObject
BOOLEAN NTAPI SeCheckPrivilegedObject(_In_ LUID PrivilegeValue, _In_ HANDLE ObjectHandle, _In_ ACCESS_MASK DesiredAccess, _In_ KPROCESSOR_MODE PreviousMode)
Checks a privileged object if such object has the specific privilege submitted by the caller.
Definition: priv.c:803
KeGetPreviousMode
#define KeGetPreviousMode()
Definition: ketypes.h:1108
NTSTATUS
LONG NTSTATUS
Definition: precomp.h:26
SE_DEBUG_PRIVILEGE
#define SE_DEBUG_PRIVILEGE
Definition: security.c:674
SE_LOAD_DRIVER_PRIVILEGE
#define SE_LOAD_DRIVER_PRIVILEGE
Definition: security.c:664
SeTcbPrivilege
const LUID SeTcbPrivilege
Definition: priv.c:26
Token
_IRQL_requires_same_ _In_ PLSA_STRING _In_ SECURITY_LOGON_TYPE _In_ ULONG _In_ ULONG _In_opt_ PTOKEN_GROUPS _In_ PTOKEN_SOURCE _Out_ PVOID _Out_ PULONG _Inout_ PLUID _Out_ PHANDLE Token
Definition: ntifs.template.h:711
SE_RESTORE_PRIVILEGE
#define SE_RESTORE_PRIVILEGE
Definition: security.c:672
LUID_AND_ATTRIBUTES
struct _LUID_AND_ATTRIBUTES LUID_AND_ATTRIBUTES
SE_SYSTEMTIME_PRIVILEGE
#define SE_SYSTEMTIME_PRIVILEGE
Definition: security.c:666
_PRIVILEGE_SET
Definition: setypes.h:85
SE_TAKE_OWNERSHIP_PRIVILEGE
#define SE_TAKE_OWNERSHIP_PRIVILEGE
Definition: security.c:663
SE_SYNC_AGENT_PRIVILEGE
#define SE_SYNC_AGENT_PRIVILEGE
Definition: security.c:680
SeAuditPrivilege
const LUID SeAuditPrivilege
Definition: priv.c:40
_PRIVILEGE_SET::Control
$ULONG Control
Definition: setypes.h:87
WRITE_OWNER
#define WRITE_OWNER
Definition: nt_native.h:60
SE_TRUSTED_CREDMAN_ACCESS_PRIVILEGE
#define SE_TRUSTED_CREDMAN_ACCESS_PRIVILEGE
Definition: setypes.h:210
SeCreatePermanentPrivilege
const LUID SeCreatePermanentPrivilege
Definition: priv.c:35
SeCaptureLuidAndAttributesArray
NTSTATUS NTAPI SeCaptureLuidAndAttributesArray(_In_ PLUID_AND_ATTRIBUTES Src, _In_ ULONG PrivilegeCount, _In_ KPROCESSOR_MODE PreviousMode, _In_opt_ PLUID_AND_ATTRIBUTES AllocatedMem, _In_opt_ ULONG AllocatedLength, _In_ POOL_TYPE PoolType, _In_ BOOLEAN CaptureIfKernel, _Out_ PLUID_AND_ATTRIBUTES *Dest, _Inout_ PULONG Length)
Captures a LUID with attributes structure. This function is mainly tied in the context of privileges.
Definition: priv.c:438
ProbeForWrite
VOID NTAPI ProbeForWrite(IN PVOID Address, IN SIZE_T Length, IN ULONG Alignment)
Definition: exintrin.c:143
SeProfileSingleProcessPrivilege
const LUID SeProfileSingleProcessPrivilege
Definition: priv.c:32
_LUID_AND_ATTRIBUTES::Attributes
$ULONG Attributes
Definition: setypes.h:75
STATUS_BUFFER_TOO_SMALL
#define STATUS_BUFFER_TOO_SMALL
Definition: shellext.h:69
_SEH2_TRY
_SEH2_TRY
Definition: create.c:4226
SeReleaseLuidAndAttributesArray
VOID NTAPI SeReleaseLuidAndAttributesArray(_In_ PLUID_AND_ATTRIBUTES Privilege, _In_ KPROCESSOR_MODE PreviousMode, _In_ BOOLEAN CaptureIfKernel)
Releases a LUID with attributes structure.
Definition: priv.c:554
ULONG_PTR
uint32_t ULONG_PTR
Definition: typedefs.h:65
SE_PRIVILEGE_ENABLED
#define SE_PRIVILEGE_ENABLED
Definition: setypes.h:63
ObReferenceObjectByHandle
NTSTATUS NTAPI ObReferenceObjectByHandle(IN HANDLE Handle, IN ACCESS_MASK DesiredAccess, IN POBJECT_TYPE ObjectType, IN KPROCESSOR_MODE AccessMode, OUT PVOID *Object, OUT POBJECT_HANDLE_INFORMATION HandleInformation OPTIONAL)
Definition: obref.c:494
NTAPI
NTSTATUS(* NTAPI)(IN PFILE_FULL_EA_INFORMATION EaBuffer, IN ULONG EaLength, OUT PULONG ErrorOffset)
Definition: IoEaTest.cpp:117
SE_TCB_PRIVILEGE
#define SE_TCB_PRIVILEGE
Definition: security.c:661
SeImpersonatePrivilege
const LUID SeImpersonatePrivilege
Definition: priv.c:48
FALSE
#define FALSE
Definition: types.h:117
_LUID
Definition: devicetopology.idl:136
RtlEqualLuid
#define RtlEqualLuid(Luid1, Luid2)
Definition: rtlfuncs.h:301
SeShutdownPrivilege
const LUID SeShutdownPrivilege
Definition: priv.c:38
PRIVILEGE_SET_ALL_NECESSARY
#define PRIVILEGE_SET_ALL_NECESSARY
Definition: setypes.h:83
SE_CREATE_GLOBAL_PRIVILEGE
#define SE_CREATE_GLOBAL_PRIVILEGE
Definition: security.c:684
SeRemoteShutdownPrivilege
const LUID SeRemoteShutdownPrivilege
Definition: priv.c:43
BOOLEAN
unsigned char BOOLEAN
Definition: ProcessorBind.h:185
SepPrivilegeCheck
BOOLEAN NTAPI SepPrivilegeCheck(_In_ PTOKEN Token, _In_ PLUID_AND_ATTRIBUTES Privileges, _In_ ULONG PrivilegeCount, _In_ ULONG PrivilegeControl, _In_ KPROCESSOR_MODE PreviousMode)
Checks the privileges pointed by Privileges array argument if they exist and match with the privilege...
Definition: priv.c:104
SeTokenObjectType
POBJECT_TYPE SeTokenObjectType
Definition: token.c:19
SE_RELABEL_PRIVILEGE
#define SE_RELABEL_PRIVILEGE
Definition: setypes.h:211
Result
_At_(*)(_In_ PWSK_CLIENT Client, _In_opt_ PUNICODE_STRING NodeName, _In_opt_ PUNICODE_STRING ServiceName, _In_opt_ ULONG NameSpace, _In_opt_ GUID *Provider, _In_opt_ PADDRINFOEXW Hints, _Outptr_ PADDRINFOEXW *Result, _In_opt_ PEPROCESS OwningProcess, _In_opt_ PETHREAD OwningThread, _Inout_ PIRP Irp Result)(Mem)) NTSTATUS(WSKAPI *PFN_WSK_GET_ADDRESS_INFO
Definition: wsk.h:426
_In_
#define _In_
Definition: ms_sal.h:308
SE_TIME_ZONE_PRIVILEGE
#define SE_TIME_ZONE_PRIVILEGE
Definition: setypes.h:213
SeUnsolicitedInputPrivilege
const LUID SeUnsolicitedInputPrivilege
Definition: priv.c:25
SE_UNDOCK_PRIVILEGE
#define SE_UNDOCK_PRIVILEGE
Definition: security.c:679
SE_SHUTDOWN_PRIVILEGE
#define SE_SHUTDOWN_PRIVILEGE
Definition: security.c:673
SE_PRIVILEGE_USED_FOR_ACCESS
#define SE_PRIVILEGE_USED_FOR_ACCESS
Definition: setypes.h:65
_PRIVILEGE_SET::PrivilegeCount
$ULONG PrivilegeCount
Definition: setypes.h:86
j
GLsizei GLenum const GLvoid GLsizei GLenum GLbyte GLbyte GLbyte GLdouble GLdouble GLdouble GLfloat GLfloat GLfloat GLint GLint GLint GLshort GLshort GLshort GLubyte GLubyte GLubyte GLuint GLuint GLuint GLushort GLushort GLushort GLbyte GLbyte GLbyte GLbyte GLdouble GLdouble GLdouble GLdouble GLfloat GLfloat GLfloat GLfloat GLint GLint GLint GLint GLshort GLshort GLshort GLshort GLubyte GLubyte GLubyte GLubyte GLuint GLuint GLuint GLuint GLushort GLushort GLushort GLushort GLboolean const GLdouble const GLfloat const GLint const GLshort const GLbyte const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLdouble const GLfloat const GLfloat const GLint const GLint const GLshort const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort GLenum GLenum GLenum GLfloat GLenum GLint GLenum GLenum GLenum GLfloat GLenum GLenum GLint GLenum GLfloat GLenum GLint GLint GLushort GLenum GLenum GLfloat GLenum GLenum GLint GLfloat const GLubyte GLenum GLenum GLenum const GLfloat GLenum GLenum const GLint GLenum GLint GLint GLsizei GLsizei GLint GLenum GLenum const GLvoid GLenum GLenum const GLfloat GLenum GLenum const GLint GLenum GLenum const GLdouble GLenum GLenum const GLfloat GLenum GLenum const GLint GLsizei GLuint GLfloat GLuint GLbitfield GLfloat GLint GLuint GLboolean GLenum GLfloat GLenum GLbitfield GLenum GLfloat GLfloat GLint GLint const GLfloat GLenum GLfloat GLfloat GLint GLint GLfloat GLfloat GLint GLint const GLfloat GLint GLfloat GLfloat GLint GLfloat GLfloat GLint GLfloat GLfloat const GLdouble const GLfloat const GLdouble const GLfloat GLint GLint GLint j
Definition: glfuncs.h:250
SeBackupPrivilege
const LUID SeBackupPrivilege
Definition: priv.c:36
SE_CREATE_PAGEFILE_PRIVILEGE
#define SE_CREATE_PAGEFILE_PRIVILEGE
Definition: security.c:669
Status
Status
Definition: gdiplustypes.h:24
SepSinglePrivilegeCheck
BOOLEAN NTAPI SepSinglePrivilegeCheck(_In_ LUID PrivilegeValue, _In_ PTOKEN Token, _In_ KPROCESSOR_MODE PreviousMode)
Checks only single privilege based upon the privilege pointed by a LUID and if it matches with the on...
Definition: priv.c:190
SE_INCREASE_QUOTA_PRIVILEGE
#define SE_INCREASE_QUOTA_PRIVILEGE
Definition: security.c:659
NtPrivilegeCheck
NTSTATUS NTAPI NtPrivilegeCheck(_In_ HANDLE ClientToken, _In_ PPRIVILEGE_SET RequiredPrivileges, _Out_ PBOOLEAN Result)
Checks a client access token if it has the required set of privileges.
Definition: priv.c:868
SE_CHANGE_NOTIFY_PRIVILEGE
#define SE_CHANGE_NOTIFY_PRIVILEGE
Definition: security.c:677
SeIncreaseBasePriorityPrivilege
const LUID SeIncreaseBasePriorityPrivilege
Definition: priv.c:33
SE_SECURITY_PRIVILEGE
#define SE_SECURITY_PRIVILEGE
Definition: security.c:662
PreviousMode
_In_ KPROCESSOR_MODE PreviousMode
Definition: sefuncs.h:103
_ACCESS_STATE
Definition: setypes.h:224
SeSecurityPrivilege
const LUID SeSecurityPrivilege
Definition: priv.c:27
TOKEN_QUERY
#define TOKEN_QUERY
Definition: setypes.h:924
SePrivilegePolicyCheck
NTSTATUS NTAPI SePrivilegePolicyCheck(_Inout_ PACCESS_MASK DesiredAccess, _Inout_ PACCESS_MASK GrantedAccess, _In_ PSECURITY_SUBJECT_CONTEXT SubjectContext, _In_ PTOKEN Token, _Out_opt_ PPRIVILEGE_SET *OutPrivilegeSet, _In_ KPROCESSOR_MODE PreviousMode)
Checks the security policy and returns a set of privileges based upon the said security policy contex...
Definition: priv.c:244
ASSERT
#define ASSERT(a)
Definition: mode.c:44
NT_SUCCESS
#define NT_SUCCESS(StatCode)
Definition: apphelp.c:32
SeSystemProfilePrivilege
const LUID SeSystemProfilePrivilege
Definition: priv.c:30
SePrivilegedServiceAuditAlarm
VOID NTAPI SePrivilegedServiceAuditAlarm(_In_opt_ PUNICODE_STRING ServiceName, _In_ PSECURITY_SUBJECT_CONTEXT SubjectContext, _In_ PPRIVILEGE_SET PrivilegeSet, _In_ BOOLEAN AccessGranted)
Performs an audit alarm to a privileged service request.
Definition: audit.c:369
TAG_LUID
#define TAG_LUID
Definition: tag.h:150
POOL_TYPE
INT POOL_TYPE
Definition: typedefs.h:78
Index
_In_ WDFCOLLECTION _In_ ULONG Index
Definition: wdfcollection.h:179
EXCEPTION_EXECUTE_HANDLER
#define EXCEPTION_EXECUTE_HANDLER
Definition: excpt.h:85
SeCaptureSubjectContext
VOID NTAPI SeCaptureSubjectContext(_Out_ PSECURITY_SUBJECT_CONTEXT SubjectContext)
Captures the security subject context of the calling thread and calling process.
Definition: access.c:437
ObDereferenceObject
#define ObDereferenceObject
Definition: obfuncs.h:203
AccessMask
_In_ ACCESS_MASK AccessMask
Definition: exfuncs.h:186
SE_REMOTE_SHUTDOWN_PRIVILEGE
#define SE_REMOTE_SHUTDOWN_PRIVILEGE
Definition: security.c:678
ProbeForWriteBoolean
#define ProbeForWriteBoolean(Ptr)
Definition: probe.h:31
Privilege
BOOL Privilege(LPTSTR pszPrivilege, BOOL bEnable)
Definition: user_lib.cpp:531
KPROCESSOR_MODE
CCHAR KPROCESSOR_MODE
Definition: ketypes.h:7
SeAssignPrimaryTokenPrivilege
const LUID SeAssignPrimaryTokenPrivilege
Definition: priv.c:22
SeChangeNotifyPrivilege
const LUID SeChangeNotifyPrivilege
Definition: priv.c:42
Privileges
_In_ PSECURITY_SUBJECT_CONTEXT _In_ BOOLEAN _In_ ACCESS_MASK _In_ ACCESS_MASK _Outptr_opt_ PPRIVILEGE_SET * Privileges
Definition: sefuncs.h:13
CONST_LUID
#define CONST_LUID(x1, x2)
Definition: priv.c:20
AccessState
_In_opt_ PVOID _In_opt_ PUNICODE_STRING _In_ PSECURITY_DESCRIPTOR _In_ PACCESS_STATE AccessState
Definition: sefuncs.h:414
SeSystemtimePrivilege
const LUID SeSystemtimePrivilege
Definition: priv.c:31
ExAllocatePoolWithTag
#define ExAllocatePoolWithTag(hernya, size, tag)
Definition: env_spec_w32.h:350
SeCreateSymbolicLinkPrivilege
const LUID SeCreateSymbolicLinkPrivilege
Definition: priv.c:54
SeCheckAuditPrivilege
BOOLEAN NTAPI SeCheckAuditPrivilege(_In_ PSECURITY_SUBJECT_CONTEXT SubjectContext, _In_ KPROCESSOR_MODE PreviousMode)
Checks a single privilege and performs an audit against a privileged service based on a security subj...
Definition: priv.c:360
PBOOLEAN
char * PBOOLEAN
Definition: retypes.h:11
ProbeForRead
VOID NTAPI ProbeForRead(IN CONST VOID *Address, IN SIZE_T Length, IN ULONG Alignment)
Definition: exintrin.c:102
SeCreateGlobalPrivilege
const LUID SeCreateGlobalPrivilege
Definition: priv.c:49
SepReleaseTokenLock
#define SepReleaseTokenLock(Token)
Definition: se.h:248
SeLockMemoryPrivilege
const LUID SeLockMemoryPrivilege
Definition: priv.c:23
SeIncreaseQuotaPrivilege
const LUID SeIncreaseQuotaPrivilege
Definition: priv.c:24
SE_INC_BASE_PRIORITY_PRIVILEGE
#define SE_INC_BASE_PRIORITY_PRIVILEGE
Definition: security.c:668
SePrivilegeObjectAuditAlarm
VOID NTAPI SePrivilegeObjectAuditAlarm(_In_ HANDLE Handle, _In_ PSECURITY_SUBJECT_CONTEXT SubjectContext, _In_ ACCESS_MASK DesiredAccess, _In_ PPRIVILEGE_SET Privileges, _In_ BOOLEAN AccessGranted, _In_ KPROCESSOR_MODE CurrentMode)
Raises an audit with alarm notification message when an object tries to acquire this privilege.
Definition: audit.c:1422
SeUndockPrivilege
const LUID SeUndockPrivilege
Definition: priv.c:44
SeFreePrivileges
VOID NTAPI SeFreePrivileges(_In_ PPRIVILEGE_SET Privileges)
Frees a set of privileges.
Definition: priv.c:669
SE_ENABLE_DELEGATION_PRIVILEGE
#define SE_ENABLE_DELEGATION_PRIVILEGE
Definition: security.c:681
SeIncreaseWorkingSetPrivilege
const LUID SeIncreaseWorkingSetPrivilege
Definition: priv.c:52
SeDebugPrivilege
const LUID SeDebugPrivilege
Definition: priv.c:39
SIZE_T
ULONG_PTR SIZE_T
Definition: typedefs.h:80
SE_IMPERSONATE_PRIVILEGE
#define SE_IMPERSONATE_PRIVILEGE
Definition: security.c:683
_AUX_ACCESS_DATA
Definition: setypes.h:256
_SEH2_END
_SEH2_END
Definition: create.c:4400
SE_MANAGE_VOLUME_PRIVILEGE
#define SE_MANAGE_VOLUME_PRIVILEGE
Definition: security.c:682
SeCreateTokenPrivilege
const LUID SeCreateTokenPrivilege
Definition: priv.c:21
i
GLsizei GLenum const GLvoid GLsizei GLenum GLbyte GLbyte GLbyte GLdouble GLdouble GLdouble GLfloat GLfloat GLfloat GLint GLint GLint GLshort GLshort GLshort GLubyte GLubyte GLubyte GLuint GLuint GLuint GLushort GLushort GLushort GLbyte GLbyte GLbyte GLbyte GLdouble GLdouble GLdouble GLdouble GLfloat GLfloat GLfloat GLfloat GLint GLint GLint GLint GLshort GLshort GLshort GLshort GLubyte GLubyte GLubyte GLubyte GLuint GLuint GLuint GLuint GLushort GLushort GLushort GLushort GLboolean const GLdouble const GLfloat const GLint const GLshort const GLbyte const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLdouble const GLfloat const GLfloat const GLint const GLint const GLshort const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort GLenum GLenum GLenum GLfloat GLenum GLint GLenum GLenum GLenum GLfloat GLenum GLenum GLint GLenum GLfloat GLenum GLint GLint GLushort GLenum GLenum GLfloat GLenum GLenum GLint GLfloat const GLubyte GLenum GLenum GLenum const GLfloat GLenum GLenum const GLint GLenum GLint GLint GLsizei GLsizei GLint GLenum GLenum const GLvoid GLenum GLenum const GLfloat GLenum GLenum const GLint GLenum GLenum const GLdouble GLenum GLenum const GLfloat GLenum GLenum const GLint GLsizei GLuint GLfloat GLuint GLbitfield GLfloat GLint GLuint GLboolean GLenum GLfloat GLenum GLbitfield GLenum GLfloat GLfloat GLint GLint const GLfloat GLenum GLfloat GLfloat GLint GLint GLfloat GLfloat GLint GLint const GLfloat GLint GLfloat GLfloat GLint GLfloat GLfloat GLint GLfloat GLfloat const GLdouble const GLfloat const GLdouble const GLfloat GLint i
Definition: glfuncs.h:248
SeTakeOwnershipPrivilege
const LUID SeTakeOwnershipPrivilege
Definition: priv.c:28
SE_MAXIMUM_PRIVILEGE_LIMIT
#define SE_MAXIMUM_PRIVILEGE_LIMIT
Definition: priv.c:18
FIELD_OFFSET
#define FIELD_OFFSET(t, f)
Definition: typedefs.h:255
_Out_opt_
#define _Out_opt_
Definition: ms_sal.h:346
SE_SYSTEM_PROFILE_PRIVILEGE
#define SE_SYSTEM_PROFILE_PRIVILEGE
Definition: security.c:665
SeManageVolumePrivilege
const LUID SeManageVolumePrivilege
Definition: priv.c:47
PULONG
unsigned int * PULONG
Definition: retypes.h:1
NULL
#define NULL
Definition: types.h:112
INITIAL_PRIVILEGE_COUNT
#define INITIAL_PRIVILEGE_COUNT
Definition: setypes.h:172
SE_PROF_SINGLE_PROCESS_PRIVILEGE
#define SE_PROF_SINGLE_PROCESS_PRIVILEGE
Definition: security.c:667
SeReleaseSubjectContext
VOID NTAPI SeReleaseSubjectContext(_In_ PSECURITY_SUBJECT_CONTEXT SubjectContext)
Releases both the primary and client tokens of a security subject context.
Definition: access.c:523
SePrivilegeCheck
BOOLEAN NTAPI SePrivilegeCheck(_In_ PPRIVILEGE_SET Privileges, _In_ PSECURITY_SUBJECT_CONTEXT SubjectContext, _In_ KPROCESSOR_MODE PreviousMode)
Checks if a set of privileges exist and match within a security subject context.
Definition: priv.c:698
_SECURITY_SUBJECT_CONTEXT
Definition: setypes.h:217
SeSinglePrivilegeCheck
BOOLEAN NTAPI SeSinglePrivilegeCheck(_In_ LUID PrivilegeValue, _In_ KPROCESSOR_MODE PreviousMode)
Checks if a single privilege is present in the context of the calling thread.
Definition: priv.c:744
SepAcquireTokenLockShared
#define SepAcquireTokenLockShared(Token)
Definition: se.h:242
SE_SYSTEM_ENVIRONMENT_PRIVILEGE
#define SE_SYSTEM_ENVIRONMENT_PRIVILEGE
Definition: security.c:676
_PRIVILEGE_SET::Privilege
LUID_AND_ATTRIBUTES Privilege[ANYSIZE_ARRAY]
Definition: setypes.h:88
PoolType
_Must_inspect_result_ _In_ WDFDEVICE _In_ DEVICE_REGISTRY_PROPERTY _In_ _Strict_type_match_ POOL_TYPE PoolType
Definition: wdfdevice.h:3810
SE_ASSIGNPRIMARYTOKEN_PRIVILEGE
#define SE_ASSIGNPRIMARYTOKEN_PRIVILEGE
Definition: security.c:657
ULONG
unsigned int ULONG
Definition: retypes.h:1
PACCESS_MASK
ACCESS_MASK * PACCESS_MASK
Definition: nt_native.h:41
SE_BACKUP_PRIVILEGE
#define SE_BACKUP_PRIVILEGE
Definition: security.c:671
RtlCopyMemory
#define RtlCopyMemory(Destination, Source, Length)
Definition: typedefs.h:263
SeEnableDelegationPrivilege
const LUID SeEnableDelegationPrivilege
Definition: priv.c:46
_SEH2_EXCEPT
#define _SEH2_EXCEPT(...)
Definition: pseh2_64.h:40
_LUID_AND_ATTRIBUTES::Luid
LUID Luid
Definition: setypes.h:74
TAG_PRIVILEGE_SET
#define TAG_PRIVILEGE_SET
Definition: tag.h:152
STATUS_SUCCESS
#define STATUS_SUCCESS
Definition: shellext.h:65
_SEH2_GetExceptionCode
#define _SEH2_GetExceptionCode()
Definition: pseh2_64.h:165
_SEH2_YIELD
#define _SEH2_YIELD(__stmt)
Definition: pseh2_64.h:168
SeRelabelPrivilege
const LUID SeRelabelPrivilege
Definition: priv.c:51
Required
struct _MEMORY_AREA struct _MM_REQUIRED_RESOURCES * Required
Definition: newmm.h:38
DPRINT
#define DPRINT
Definition: sndvol32.h:71
SeSystemEnvironmentPrivilege
const LUID SeSystemEnvironmentPrivilege
Definition: priv.c:41
GrantedAccess
_In_ PSECURITY_SUBJECT_CONTEXT _In_ BOOLEAN _In_ ACCESS_MASK _In_ ACCESS_MASK _Outptr_opt_ PPRIVILEGE_SET _In_ PGENERIC_MAPPING _In_ KPROCESSOR_MODE _Out_ PACCESS_MASK GrantedAccess
Definition: sefuncs.h:13
_TOKEN
Definition: setypes.h:215
ExFreePoolWithTag
#define ExFreePoolWithTag(_P, _T)
Definition: module.h:1099
SepInitPrivileges
VOID NTAPI SepInitPrivileges(VOID)
Initializes the privileges during the startup phase of the security manager module....
Definition: priv.c:71
SE_AUDIT_PRIVILEGE
#define SE_AUDIT_PRIVILEGE
Definition: security.c:675
CODE_SEG
static CODE_SEG("PAGE")
Definition: isapnp.c:1482
SeAppendPrivileges
NTSTATUS NTAPI SeAppendPrivileges(_Inout_ PACCESS_STATE AccessState, _In_ PPRIVILEGE_SET Privileges)
Appends additional privileges.
Definition: priv.c:588
ACCESS_MASK
ULONG ACCESS_MASK
Definition: nt_native.h:40
BufferSize
#define BufferSize
Definition: mmc.h:75
BufferSize
_In_ WDFMEMORY _Out_opt_ size_t * BufferSize
Definition: wdfmemory.h:251
SeTrustedCredmanPrivilege
const LUID SeTrustedCredmanPrivilege
Definition: priv.c:50
PAGED_CODE
#define PAGED_CODE()
Definition: Bus_PDO_QueryResourceRequirements.c:89