ReactOS  0.4.15-dev-425-gc40b086
priv.c
Go to the documentation of this file.
1 /*
2  * COPYRIGHT: See COPYING in the top level directory
3  * PROJECT: ReactOS kernel
4  * FILE: ntoskrnl/se/priv.c
5  * PURPOSE: Security manager
6  *
7  * PROGRAMMERS: No programmer listed.
8  */
9 
10 /* INCLUDES ******************************************************************/
11 
12 #include <ntoskrnl.h>
13 #define NDEBUG
14 #include <debug.h>
15 
16 #if defined (ALLOC_PRAGMA)
17 #pragma alloc_text(INIT, SepInitPrivileges)
18 #endif
19 
20 /* GLOBALS ********************************************************************/
21 
22 #define CONST_LUID(x1, x2) {x1, x2}
23 const LUID SeCreateTokenPrivilege = CONST_LUID(SE_CREATE_TOKEN_PRIVILEGE, 0);
24 const LUID SeAssignPrimaryTokenPrivilege = CONST_LUID(SE_ASSIGNPRIMARYTOKEN_PRIVILEGE, 0);
25 const LUID SeLockMemoryPrivilege = CONST_LUID(SE_LOCK_MEMORY_PRIVILEGE, 0);
26 const LUID SeIncreaseQuotaPrivilege = CONST_LUID(SE_INCREASE_QUOTA_PRIVILEGE, 0);
27 const LUID SeUnsolicitedInputPrivilege = CONST_LUID(6, 0);
28 const LUID SeTcbPrivilege = CONST_LUID(SE_TCB_PRIVILEGE, 0);
29 const LUID SeSecurityPrivilege = CONST_LUID(SE_SECURITY_PRIVILEGE, 0);
30 const LUID SeTakeOwnershipPrivilege = CONST_LUID(SE_TAKE_OWNERSHIP_PRIVILEGE, 0);
31 const LUID SeLoadDriverPrivilege = CONST_LUID(SE_LOAD_DRIVER_PRIVILEGE, 0);
32 const LUID SeSystemProfilePrivilege = CONST_LUID(SE_SYSTEM_PROFILE_PRIVILEGE, 0);
33 const LUID SeSystemtimePrivilege = CONST_LUID(SE_SYSTEMTIME_PRIVILEGE, 0);
34 const LUID SeProfileSingleProcessPrivilege = CONST_LUID(SE_PROF_SINGLE_PROCESS_PRIVILEGE, 0);
35 const LUID SeIncreaseBasePriorityPrivilege = CONST_LUID(SE_INC_BASE_PRIORITY_PRIVILEGE, 0);
36 const LUID SeCreatePagefilePrivilege = CONST_LUID(SE_CREATE_PAGEFILE_PRIVILEGE, 0);
37 const LUID SeCreatePermanentPrivilege = CONST_LUID(SE_CREATE_PERMANENT_PRIVILEGE, 0);
38 const LUID SeBackupPrivilege = CONST_LUID(SE_BACKUP_PRIVILEGE, 0);
39 const LUID SeRestorePrivilege = CONST_LUID(SE_RESTORE_PRIVILEGE, 0);
40 const LUID SeShutdownPrivilege = CONST_LUID(SE_SHUTDOWN_PRIVILEGE, 0);
41 const LUID SeDebugPrivilege = CONST_LUID(SE_DEBUG_PRIVILEGE, 0);
42 const LUID SeAuditPrivilege = CONST_LUID(SE_AUDIT_PRIVILEGE, 0);
43 const LUID SeSystemEnvironmentPrivilege = CONST_LUID(SE_SYSTEM_ENVIRONMENT_PRIVILEGE, 0);
44 const LUID SeChangeNotifyPrivilege = CONST_LUID(SE_CHANGE_NOTIFY_PRIVILEGE, 0);
45 const LUID SeRemoteShutdownPrivilege = CONST_LUID(SE_REMOTE_SHUTDOWN_PRIVILEGE, 0);
46 const LUID SeUndockPrivilege = CONST_LUID(SE_UNDOCK_PRIVILEGE, 0);
47 const LUID SeSyncAgentPrivilege = CONST_LUID(SE_SYNC_AGENT_PRIVILEGE, 0);
48 const LUID SeEnableDelegationPrivilege = CONST_LUID(SE_ENABLE_DELEGATION_PRIVILEGE, 0);
49 const LUID SeManageVolumePrivilege = CONST_LUID(SE_MANAGE_VOLUME_PRIVILEGE, 0);
50 const LUID SeImpersonatePrivilege = CONST_LUID(SE_IMPERSONATE_PRIVILEGE, 0);
51 const LUID SeCreateGlobalPrivilege = CONST_LUID(SE_CREATE_GLOBAL_PRIVILEGE, 0);
52 const LUID SeTrustedCredmanPrivilege = CONST_LUID(SE_TRUSTED_CREDMAN_ACCESS_PRIVILEGE, 0);
53 const LUID SeRelabelPrivilege = CONST_LUID(SE_RELABEL_PRIVILEGE, 0);
54 const LUID SeIncreaseWorkingSetPrivilege = CONST_LUID(SE_INC_WORKING_SET_PRIVILEGE, 0);
55 const LUID SeTimeZonePrivilege = CONST_LUID(SE_TIME_ZONE_PRIVILEGE, 0);
56 const LUID SeCreateSymbolicLinkPrivilege = CONST_LUID(SE_CREATE_SYMBOLIC_LINK_PRIVILEGE, 0);
57 
58 
59 /* PRIVATE FUNCTIONS **********************************************************/
60 
61 INIT_FUNCTION
62 VOID
63 NTAPI
64 SepInitPrivileges(VOID)
65 {
66 
67 }
68 
69 
70 BOOLEAN
71 NTAPI
72 SepPrivilegeCheck(PTOKEN Token,
73  PLUID_AND_ATTRIBUTES Privileges,
74  ULONG PrivilegeCount,
75  ULONG PrivilegeControl,
76  KPROCESSOR_MODE PreviousMode)
77 {
78  ULONG i;
79  ULONG j;
80  ULONG Required;
81 
82  DPRINT("SepPrivilegeCheck() called\n");
83 
84  PAGED_CODE();
85 
86  if (PreviousMode == KernelMode)
87  return TRUE;
88 
89  /* Get the number of privileges that are required to match */
90  Required = (PrivilegeControl & PRIVILEGE_SET_ALL_NECESSARY) ? PrivilegeCount : 1;
91 
92  /* Acquire a shared token lock */
93  SepAcquireTokenLockShared(Token);
94 
95  /* Loop all requested privileges until we found the required ones */
96  for (i = 0; i < PrivilegeCount; i++)
97  {
98  /* Loop the privileges of the token */
99  for (j = 0; j < Token->PrivilegeCount; j++)
100  {
101  /* Check if the LUIDs match */
102  if (RtlEqualLuid(&Token->Privileges[j].Luid, &Privileges[i].Luid))
103  {
104  DPRINT("Found privilege. Attributes: %lx\n",
105  Token->Privileges[j].Attributes);
106 
107  /* Check if the privilege is enabled */
108  if (Token->Privileges[j].Attributes & SE_PRIVILEGE_ENABLED)
109  {
110  Privileges[i].Attributes |= SE_PRIVILEGE_USED_FOR_ACCESS;
111  Required--;
112 
113  /* Check if we have found all privileges */
114  if (Required == 0)
115  {
116  /* We're done! */
117  SepReleaseTokenLock(Token);
118  return TRUE;
119  }
120  }
121 
122  /* Leave the inner loop */
123  break;
124  }
125  }
126  }
127 
128  /* Release the token lock */
129  SepReleaseTokenLock(Token);
130 
131  /* When we reached this point, we did not find all privileges */
132  ASSERT(Required > 0);
133  return FALSE;
134 }
135 
136 NTSTATUS
137 NTAPI
138 SepSinglePrivilegeCheck(
139  LUID PrivilegeValue,
140  PTOKEN Token,
141  KPROCESSOR_MODE PreviousMode)
142 {
143  LUID_AND_ATTRIBUTES Privilege;
144  PAGED_CODE();
145  ASSERT(!RtlEqualLuid(&PrivilegeValue, &SeTcbPrivilege));
146 
147  Privilege.Luid = PrivilegeValue;
148  Privilege.Attributes = SE_PRIVILEGE_ENABLED;
149  return SepPrivilegeCheck(Token,
150  &Privilege,
151  1,
152  PRIVILEGE_SET_ALL_NECESSARY,
153  PreviousMode);
154 }
155 
156 NTSTATUS
157 NTAPI
158 SePrivilegePolicyCheck(
159  _Inout_ PACCESS_MASK DesiredAccess,
160  _Inout_ PACCESS_MASK GrantedAccess,
161  _In_ PSECURITY_SUBJECT_CONTEXT SubjectContext,
162  _In_ PTOKEN Token,
163  _Out_opt_ PPRIVILEGE_SET *OutPrivilegeSet,
164  _In_ KPROCESSOR_MODE PreviousMode)
165 {
166  SIZE_T PrivilegeSize;
167  PPRIVILEGE_SET PrivilegeSet;
168  ULONG PrivilegeCount = 0, Index = 0;
169  ACCESS_MASK AccessMask = 0;
170  PAGED_CODE();
171 
172  /* Check if we have a security subject context */
173  if (SubjectContext != NULL)
174  {
175  /* Check if there is a client impersonation token */
176  if (SubjectContext->ClientToken != NULL)
177  Token = SubjectContext->ClientToken;
178  else
179  Token = SubjectContext->PrimaryToken;
180  }
181 
182  /* Check if the caller wants ACCESS_SYSTEM_SECURITY access */
183  if (*DesiredAccess & ACCESS_SYSTEM_SECURITY)
184  {
185  /* Do the privilege check */
186  if (SepSinglePrivilegeCheck(SeSecurityPrivilege, Token, PreviousMode))
187  {
188  /* Remember this access flag */
189  AccessMask |= ACCESS_SYSTEM_SECURITY;
190  PrivilegeCount++;
191  }
192  else
193  {
194  return STATUS_PRIVILEGE_NOT_HELD;
195  }
196  }
197 
198  /* Check if the caller wants WRITE_OWNER access */
199  if (*DesiredAccess & WRITE_OWNER)
200  {
201  /* Do the privilege check */
202  if (SepSinglePrivilegeCheck(SeTakeOwnershipPrivilege, Token, PreviousMode))
203  {
204  /* Remember this access flag */
205  AccessMask |= WRITE_OWNER;
206  PrivilegeCount++;
207  }
208  }
209 
210  /* Update the access masks */
211  *GrantedAccess |= AccessMask;
212  *DesiredAccess &= ~AccessMask;
213 
214  /* Does the caller want a privilege set? */
215  if (OutPrivilegeSet != NULL)
216  {
217  /* Do we have any privileges to report? */
218  if (PrivilegeCount > 0)
219  {
220  /* Calculate size and allocate the structure */
221  PrivilegeSize = FIELD_OFFSET(PRIVILEGE_SET, Privilege[PrivilegeCount]);
222  PrivilegeSet = ExAllocatePoolWithTag(PagedPool, PrivilegeSize, TAG_PRIVILEGE_SET);
223  *OutPrivilegeSet = PrivilegeSet;
224  if (PrivilegeSet == NULL)
225  {
226  return STATUS_INSUFFICIENT_RESOURCES;
227  }
228 
229  PrivilegeSet->PrivilegeCount = PrivilegeCount;
230  PrivilegeSet->Control = 0;
231 
232  if (AccessMask & WRITE_OWNER)
233  {
234  PrivilegeSet->Privilege[Index].Luid = SeTakeOwnershipPrivilege;
235  PrivilegeSet->Privilege[Index].Attributes = SE_PRIVILEGE_USED_FOR_ACCESS;
236  Index++;
237  }
238 
239  if (AccessMask & ACCESS_SYSTEM_SECURITY)
240  {
241  PrivilegeSet->Privilege[Index].Luid = SeSecurityPrivilege;
242  PrivilegeSet->Privilege[Index].Attributes = SE_PRIVILEGE_USED_FOR_ACCESS;
243  }
244  }
245  else
246  {
247  /* No privileges, no structure */
248  *OutPrivilegeSet = NULL;
249  }
250  }
251 
252  return STATUS_SUCCESS;
253 }
254 
255 BOOLEAN
256 NTAPI
257 SeCheckAuditPrivilege(
258  _In_ PSECURITY_SUBJECT_CONTEXT SubjectContext,
259  _In_ KPROCESSOR_MODE PreviousMode)
260 {
261  PRIVILEGE_SET PrivilegeSet;
262  BOOLEAN Result;
263  PAGED_CODE();
264 
265  /* Initialize the privilege set with the single privilege */
266  PrivilegeSet.PrivilegeCount = 1;
267  PrivilegeSet.Control = PRIVILEGE_SET_ALL_NECESSARY;
268  PrivilegeSet.Privilege[0].Luid = SeAuditPrivilege;
269  PrivilegeSet.Privilege[0].Attributes = 0;
270 
271  /* Check against the primary token! */
272  Result = SepPrivilegeCheck(SubjectContext->PrimaryToken,
273  &PrivilegeSet.Privilege[0],
274  1,
275  PRIVILEGE_SET_ALL_NECESSARY,
276  PreviousMode);
277 
278  if (PreviousMode != KernelMode)
279  {
280  SePrivilegedServiceAuditAlarm(NULL,
281  SubjectContext,
282  &PrivilegeSet,
283  Result);
284  }
285 
286  return Result;
287 }
288 
289 NTSTATUS
290 NTAPI
291 SeCaptureLuidAndAttributesArray(PLUID_AND_ATTRIBUTES Src,
292  ULONG PrivilegeCount,
293  KPROCESSOR_MODE PreviousMode,
294  PLUID_AND_ATTRIBUTES AllocatedMem,
295  ULONG AllocatedLength,
296  POOL_TYPE PoolType,
297  BOOLEAN CaptureIfKernel,
298  PLUID_AND_ATTRIBUTES *Dest,
299  PULONG Length)
300 {
301  ULONG BufferSize;
302  NTSTATUS Status = STATUS_SUCCESS;
303 
304  PAGED_CODE();
305 
306  if (PrivilegeCount == 0)
307  {
308  *Dest = 0;
309  *Length = 0;
310  return STATUS_SUCCESS;
311  }
312 
313  if (PreviousMode == KernelMode && !CaptureIfKernel)
314  {
315  *Dest = Src;
316  return STATUS_SUCCESS;
317  }
318 
319  /* FIXME - check PrivilegeCount for a valid number so we don't
320  cause an integer overflow or exhaust system resources! */
321 
322  BufferSize = PrivilegeCount * sizeof(LUID_AND_ATTRIBUTES);
323  *Length = ROUND_UP(BufferSize, 4); /* round up to a 4 byte alignment */
324 
325  /* probe the buffer */
326  if (PreviousMode != KernelMode)
327  {
328  _SEH2_TRY
329  {
330  ProbeForRead(Src,
331  BufferSize,
332  sizeof(ULONG));
333  }
334  _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
335  {
336  /* Return the exception code */
337  _SEH2_YIELD(return _SEH2_GetExceptionCode());
338  }
339  _SEH2_END;
340  }
341 
342  /* allocate enough memory or check if the provided buffer is
343  large enough to hold the array */
344  if (AllocatedMem != NULL)
345  {
346  if (AllocatedLength < BufferSize)
347  {
348  return STATUS_BUFFER_TOO_SMALL;
349  }
350 
351  *Dest = AllocatedMem;
352  }
353  else
354  {
355  *Dest = ExAllocatePoolWithTag(PoolType,
356  BufferSize,
357  TAG_LUID);
358  if (*Dest == NULL)
359  {
360  return STATUS_INSUFFICIENT_RESOURCES;
361  }
362  }
363 
364  /* copy the array to the buffer */
365  _SEH2_TRY
366  {
367  RtlCopyMemory(*Dest,
368  Src,
369  BufferSize);
370  }
371  _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
372  {
373  Status = _SEH2_GetExceptionCode();
374  }
375  _SEH2_END;
376 
377  if (!NT_SUCCESS(Status) && AllocatedMem == NULL)
378  {
379  ExFreePoolWithTag(*Dest, TAG_LUID);
380  }
381 
382  return Status;
383 }
384 
385 VOID
386 NTAPI
387 SeReleaseLuidAndAttributesArray(PLUID_AND_ATTRIBUTES Privilege,
388  KPROCESSOR_MODE PreviousMode,
389  BOOLEAN CaptureIfKernel)
390 {
391  PAGED_CODE();
392 
393  if (Privilege != NULL &&
394  (PreviousMode != KernelMode || CaptureIfKernel))
395  {
396  ExFreePoolWithTag(Privilege, TAG_LUID);
397  }
398 }
399 
400 /* PUBLIC FUNCTIONS ***********************************************************/
401 
402 /*
403  * @implemented
404  */
405 NTSTATUS
406 NTAPI
407 SeAppendPrivileges(IN OUT PACCESS_STATE AccessState,
408  IN PPRIVILEGE_SET Privileges)
409 {
410  PAUX_ACCESS_DATA AuxData;
411  ULONG OldPrivilegeSetSize;
412  ULONG NewPrivilegeSetSize;
413  PPRIVILEGE_SET PrivilegeSet;
414 
415  PAGED_CODE();
416 
417  /* Get the Auxiliary Data */
418  AuxData = AccessState->AuxData;
419 
420  /* Calculate the size of the old privilege set */
421  OldPrivilegeSetSize = sizeof(PRIVILEGE_SET) +
422  (AuxData->PrivilegeSet->PrivilegeCount - 1) * sizeof(LUID_AND_ATTRIBUTES);
423 
424  if (AuxData->PrivilegeSet->PrivilegeCount +
425  Privileges->PrivilegeCount > INITIAL_PRIVILEGE_COUNT)
426  {
427  /* Calculate the size of the new privilege set */
428  NewPrivilegeSetSize = OldPrivilegeSetSize +
429  Privileges->PrivilegeCount * sizeof(LUID_AND_ATTRIBUTES);
430 
431  /* Allocate a new privilege set */
432  PrivilegeSet = ExAllocatePoolWithTag(PagedPool,
433  NewPrivilegeSetSize,
434  TAG_PRIVILEGE_SET);
435  if (PrivilegeSet == NULL)
436  return STATUS_INSUFFICIENT_RESOURCES;
437 
438  /* Copy original privileges from the acess state */
439  RtlCopyMemory(PrivilegeSet,
440  AuxData->PrivilegeSet,
441  OldPrivilegeSetSize);
442 
443  /* Append privileges from the privilege set*/
444  RtlCopyMemory((PVOID)((ULONG_PTR)PrivilegeSet + OldPrivilegeSetSize),
445  (PVOID)((ULONG_PTR)Privileges + sizeof(PRIVILEGE_SET) - sizeof(LUID_AND_ATTRIBUTES)),
446  Privileges->PrivilegeCount * sizeof(LUID_AND_ATTRIBUTES));
447 
448  /* Adjust the number of privileges in the new privilege set */
449  PrivilegeSet->PrivilegeCount += Privileges->PrivilegeCount;
450 
451  /* Free the old privilege set if it was allocated */
452  if (AccessState->PrivilegesAllocated != FALSE)
453  ExFreePoolWithTag(AuxData->PrivilegeSet, TAG_PRIVILEGE_SET);
454 
455  /* Now we are using an allocated privilege set */
456  AccessState->PrivilegesAllocated = TRUE;
457 
458  /* Assign the new privileges to the access state */
459  AuxData->PrivilegeSet = PrivilegeSet;
460  }
461  else
462  {
463  /* Append privileges */
464  RtlCopyMemory((PVOID)((ULONG_PTR)AuxData->PrivilegeSet + OldPrivilegeSetSize),
465  (PVOID)((ULONG_PTR)Privileges + sizeof(PRIVILEGE_SET) - sizeof(LUID_AND_ATTRIBUTES)),
466  Privileges->PrivilegeCount * sizeof(LUID_AND_ATTRIBUTES));
467 
468  /* Adjust the number of privileges in the target privilege set */
469  AuxData->PrivilegeSet->PrivilegeCount += Privileges->PrivilegeCount;
470  }
471 
472  return STATUS_SUCCESS;
473 }
474 
475 /*
476  * @implemented
477  */
478 VOID
479 NTAPI
480 SeFreePrivileges(IN PPRIVILEGE_SET Privileges)
481 {
482  PAGED_CODE();
483  ExFreePoolWithTag(Privileges, TAG_PRIVILEGE_SET);
484 }
485 
486 /*
487  * @implemented
488  */
489 BOOLEAN
490 NTAPI
491 SePrivilegeCheck(PPRIVILEGE_SET Privileges,
492  PSECURITY_SUBJECT_CONTEXT SubjectContext,
493  KPROCESSOR_MODE PreviousMode)
494 {
495  PACCESS_TOKEN Token = NULL;
496 
497  PAGED_CODE();
498 
499  if (SubjectContext->ClientToken == NULL)
500  {
501  Token = SubjectContext->PrimaryToken;
502  }
503  else
504  {
505  Token = SubjectContext->ClientToken;
506  if (SubjectContext->ImpersonationLevel < 2)
507  {
508  return FALSE;
509  }
510  }
511 
512  return SepPrivilegeCheck(Token,
513  Privileges->Privilege,
514  Privileges->PrivilegeCount,
515  Privileges->Control,
516  PreviousMode);
517 }
518 
519 /*
520  * @implemented
521  */
522 BOOLEAN
523 NTAPI
524 SeSinglePrivilegeCheck(IN LUID PrivilegeValue,
525  IN KPROCESSOR_MODE PreviousMode)
526 {
527  SECURITY_SUBJECT_CONTEXT SubjectContext;
528  PRIVILEGE_SET Priv;
529  BOOLEAN Result;
530 
531  PAGED_CODE();
532 
533  SeCaptureSubjectContext(&SubjectContext);
534 
535  Priv.PrivilegeCount = 1;
536  Priv.Control = PRIVILEGE_SET_ALL_NECESSARY;
537  Priv.Privilege[0].Luid = PrivilegeValue;
538  Priv.Privilege[0].Attributes = SE_PRIVILEGE_ENABLED;
539 
540  Result = SePrivilegeCheck(&Priv,
541  &SubjectContext,
542  PreviousMode);
543 
544  if (PreviousMode != KernelMode)
545  {
546  SePrivilegedServiceAuditAlarm(NULL,
547  &SubjectContext,
548  &Priv,
549  Result);
550 
551  }
552 
553  SeReleaseSubjectContext(&SubjectContext);
554 
555  return Result;
556 }
557 
558 BOOLEAN
559 NTAPI
560 SeCheckPrivilegedObject(IN LUID PrivilegeValue,
561  IN HANDLE ObjectHandle,
562  IN ACCESS_MASK DesiredAccess,
563  IN KPROCESSOR_MODE PreviousMode)
564 {
565  SECURITY_SUBJECT_CONTEXT SubjectContext;
566  PRIVILEGE_SET Priv;
567  BOOLEAN Result;
568 
569  PAGED_CODE();
570 
571  SeCaptureSubjectContext(&SubjectContext);
572 
573  Priv.PrivilegeCount = 1;
574  Priv.Control = PRIVILEGE_SET_ALL_NECESSARY;
575  Priv.Privilege[0].Luid = PrivilegeValue;
576  Priv.Privilege[0].Attributes = SE_PRIVILEGE_ENABLED;
577 
578  Result = SePrivilegeCheck(&Priv, &SubjectContext, PreviousMode);
579  if (PreviousMode != KernelMode)
580  {
581 #if 0
582  SePrivilegeObjectAuditAlarm(ObjectHandle,
583  &SubjectContext,
584  DesiredAccess,
585  &PrivilegeValue,
586  Result,
587  PreviousMode);
588 #endif
589  }
590 
591  SeReleaseSubjectContext(&SubjectContext);
592 
593  return Result;
594 }
595 
596 /* SYSTEM CALLS ***************************************************************/
597 
598 NTSTATUS
599 NTAPI
600 NtPrivilegeCheck(IN HANDLE ClientToken,
601  IN PPRIVILEGE_SET RequiredPrivileges,
602  OUT PBOOLEAN Result)
603 {
604  PLUID_AND_ATTRIBUTES Privileges;
605  PTOKEN Token;
606  ULONG PrivilegeCount = 0;
607  ULONG PrivilegeControl = 0;
608  ULONG Length;
609  BOOLEAN CheckResult;
610  KPROCESSOR_MODE PreviousMode;
611  NTSTATUS Status;
612 
613  PAGED_CODE();
614 
615  PreviousMode = KeGetPreviousMode();
616 
617  /* probe the buffers */
618  if (PreviousMode != KernelMode)
619  {
620  _SEH2_TRY
621  {
622  ProbeForWrite(RequiredPrivileges,
623  FIELD_OFFSET(PRIVILEGE_SET,
624  Privilege),
625  sizeof(ULONG));
626 
627  PrivilegeCount = RequiredPrivileges->PrivilegeCount;
628  PrivilegeControl = RequiredPrivileges->Control;
629 
630  /* Check PrivilegeCount to avoid an integer overflow! */
631  if (FIELD_OFFSET(PRIVILEGE_SET,
632  Privilege[PrivilegeCount]) /
633  sizeof(RequiredPrivileges->Privilege[0]) != PrivilegeCount)
634  {
635  _SEH2_YIELD(return STATUS_INVALID_PARAMETER);
636  }
637 
638  /* probe all of the array */
639  ProbeForWrite(RequiredPrivileges,
640  FIELD_OFFSET(PRIVILEGE_SET,
641  Privilege[PrivilegeCount]),
642  sizeof(ULONG));
643 
644  ProbeForWriteBoolean(Result);
645  }
646  _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
647  {
648  /* Return the exception code */
649  _SEH2_YIELD(return _SEH2_GetExceptionCode());
650  }
651  _SEH2_END;
652  }
653  else
654  {
655  PrivilegeCount = RequiredPrivileges->PrivilegeCount;
656  PrivilegeControl = RequiredPrivileges->Control;
657  }
658 
659  /* reference the token and make sure we're
660  not doing an anonymous impersonation */
661  Status = ObReferenceObjectByHandle(ClientToken,
662  TOKEN_QUERY,
663  SeTokenObjectType,
664  PreviousMode,
665  (PVOID*)&Token,
666  NULL);
667  if (!NT_SUCCESS(Status))
668  {
669  return Status;
670  }
671 
672  if (Token->TokenType == TokenImpersonation &&
673  Token->ImpersonationLevel < SecurityIdentification)
674  {
675  ObDereferenceObject(Token);
676  return STATUS_BAD_IMPERSONATION_LEVEL;
677  }
678 
679  /* capture the privileges */
680  Status = SeCaptureLuidAndAttributesArray(RequiredPrivileges->Privilege,
681  PrivilegeCount,
682  PreviousMode,
683  NULL,
684  0,
685  PagedPool,
686  TRUE,
687  &Privileges,
688  &Length);
689  if (!NT_SUCCESS(Status))
690  {
691  ObDereferenceObject (Token);
692  return Status;
693  }
694 
695  CheckResult = SepPrivilegeCheck(Token,
696  Privileges,
697  PrivilegeCount,
698  PrivilegeControl,
699  PreviousMode);
700 
701  ObDereferenceObject(Token);
702 
703  /* return the array */
704  _SEH2_TRY
705  {
706  RtlCopyMemory(RequiredPrivileges->Privilege,
707  Privileges,
708  PrivilegeCount * sizeof(LUID_AND_ATTRIBUTES));
709  *Result = CheckResult;
710  Status = STATUS_SUCCESS;
711  }
712  _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
713  {
714  Status = _SEH2_GetExceptionCode();
715  }
716  _SEH2_END;
717 
718  SeReleaseLuidAndAttributesArray(Privileges,
719  PreviousMode,
720  TRUE);
721 
722  return Status;
723 }
724 
725 /* EOF */
SE_CREATE_PERMANENT_PRIVILEGE
#define SE_CREATE_PERMANENT_PRIVILEGE
Definition: security.c:670
_AUX_ACCESS_DATA::PrivilegeSet
PPRIVILEGE_SET PrivilegeSet
Definition: setypes.h:187
_LUID_AND_ATTRIBUTES
Definition: setypes.h:73
SeCaptureSubjectContext
VOID NTAPI SeCaptureSubjectContext(OUT PSECURITY_SUBJECT_CONTEXT SubjectContext)
Definition: access.c:301
SeLoadDriverPrivilege
const LUID SeLoadDriverPrivilege
Definition: priv.c:31
SeSyncAgentPrivilege
const LUID SeSyncAgentPrivilege
Definition: priv.c:47
IN
#define IN
Definition: typedefs.h:39
STATUS_PRIVILEGE_NOT_HELD
#define STATUS_PRIVILEGE_NOT_HELD
Definition: DriverTester.h:9
SubjectContext
_Inout_ PLIST_ENTRY _In_ PVOID _In_ PSTRING _In_ BOOLEAN _In_ BOOLEAN _In_ ULONG _In_ PFLT_CALLBACK_DATA _In_opt_ PCHECK_FOR_TRAVERSE_ACCESS _In_opt_ PSECURITY_SUBJECT_CONTEXT SubjectContext
Definition: fltkernel.h:2239
SeReleaseSubjectContext
VOID NTAPI SeReleaseSubjectContext(IN PSECURITY_SUBJECT_CONTEXT SubjectContext)
Definition: access.c:360
TRUE
#define TRUE
Definition: types.h:120
RtlCopyMemory
NTSYSAPI VOID NTAPI RtlCopyMemory(VOID UNALIGNED *Destination, CONST VOID UNALIGNED *Source, ULONG Length)
STATUS_BAD_IMPERSONATION_LEVEL
#define STATUS_BAD_IMPERSONATION_LEVEL
Definition: ntstatus.h:387
SeCreatePagefilePrivilege
const LUID SeCreatePagefilePrivilege
Definition: priv.c:36
STATUS_INSUFFICIENT_RESOURCES
#define STATUS_INSUFFICIENT_RESOURCES
Definition: udferr_usr.h:158
NtPrivilegeCheck
NTSTATUS NTAPI NtPrivilegeCheck(IN HANDLE ClientToken, IN PPRIVILEGE_SET RequiredPrivileges, OUT PBOOLEAN Result)
Definition: priv.c:600
SeTimeZonePrivilege
const LUID SeTimeZonePrivilege
Definition: priv.c:55
SE_INC_WORKING_SET_PRIVILEGE
#define SE_INC_WORKING_SET_PRIVILEGE
Definition: setypes.h:184
ROUND_UP
#define ROUND_UP(n, align)
Definition: eventvwr.h:31
PRIVILEGE_SET
struct _PRIVILEGE_SET PRIVILEGE_SET
ACCESS_SYSTEM_SECURITY
#define ACCESS_SYSTEM_SECURITY
Definition: nt_native.h:77
SE_CREATE_TOKEN_PRIVILEGE
#define SE_CREATE_TOKEN_PRIVILEGE
Definition: security.c:656
SE_CREATE_SYMBOLIC_LINK_PRIVILEGE
#define SE_CREATE_SYMBOLIC_LINK_PRIVILEGE
Definition: setypes.h:186
SE_LOCK_MEMORY_PRIVILEGE
#define SE_LOCK_MEMORY_PRIVILEGE
Definition: security.c:658
STATUS_INVALID_PARAMETER
#define STATUS_INVALID_PARAMETER
Definition: udferr_usr.h:135
SeRestorePrivilege
const LUID SeRestorePrivilege
Definition: priv.c:39
KeGetPreviousMode
#define KeGetPreviousMode()
Definition: ketypes.h:1107
NTSTATUS
LONG NTSTATUS
Definition: precomp.h:26
SE_DEBUG_PRIVILEGE
#define SE_DEBUG_PRIVILEGE
Definition: security.c:674
SE_LOAD_DRIVER_PRIVILEGE
#define SE_LOAD_DRIVER_PRIVILEGE
Definition: security.c:664
SeTcbPrivilege
const LUID SeTcbPrivilege
Definition: priv.c:28
Token
_IRQL_requires_same_ _In_ PLSA_STRING _In_ SECURITY_LOGON_TYPE _In_ ULONG _In_ ULONG _In_opt_ PTOKEN_GROUPS _In_ PTOKEN_SOURCE _Out_ PVOID _Out_ PULONG _Inout_ PLUID _Out_ PHANDLE Token
Definition: ntifs.template.h:711
SE_RESTORE_PRIVILEGE
#define SE_RESTORE_PRIVILEGE
Definition: security.c:672
LUID_AND_ATTRIBUTES
struct _LUID_AND_ATTRIBUTES LUID_AND_ATTRIBUTES
SE_SYSTEMTIME_PRIVILEGE
#define SE_SYSTEMTIME_PRIVILEGE
Definition: security.c:666
_PRIVILEGE_SET
Definition: setypes.h:85
SE_TAKE_OWNERSHIP_PRIVILEGE
#define SE_TAKE_OWNERSHIP_PRIVILEGE
Definition: security.c:663
SeSinglePrivilegeCheck
BOOLEAN NTAPI SeSinglePrivilegeCheck(IN LUID PrivilegeValue, IN KPROCESSOR_MODE PreviousMode)
Definition: priv.c:524
SE_SYNC_AGENT_PRIVILEGE
#define SE_SYNC_AGENT_PRIVILEGE
Definition: security.c:680
ObDereferenceObject
VOID NTAPI ObDereferenceObject(IN PVOID Object)
Definition: obref.c:375
SeAuditPrivilege
const LUID SeAuditPrivilege
Definition: priv.c:42
_PRIVILEGE_SET::Control
$ULONG Control
Definition: setypes.h:87
WRITE_OWNER
#define WRITE_OWNER
Definition: nt_native.h:60
SE_TRUSTED_CREDMAN_ACCESS_PRIVILEGE
#define SE_TRUSTED_CREDMAN_ACCESS_PRIVILEGE
Definition: setypes.h:182
SeCreatePermanentPrivilege
const LUID SeCreatePermanentPrivilege
Definition: priv.c:37
ProbeForWrite
VOID NTAPI ProbeForWrite(IN PVOID Address, IN SIZE_T Length, IN ULONG Alignment)
Definition: exintrin.c:143
SeProfileSingleProcessPrivilege
const LUID SeProfileSingleProcessPrivilege
Definition: priv.c:34
_LUID_AND_ATTRIBUTES::Attributes
$ULONG Attributes
Definition: setypes.h:75
STATUS_BUFFER_TOO_SMALL
#define STATUS_BUFFER_TOO_SMALL
Definition: shellext.h:69
_SEH2_TRY
_SEH2_TRY
Definition: create.c:4226
ULONG_PTR
uint32_t ULONG_PTR
Definition: typedefs.h:64
SeCheckPrivilegedObject
BOOLEAN NTAPI SeCheckPrivilegedObject(IN LUID PrivilegeValue, IN HANDLE ObjectHandle, IN ACCESS_MASK DesiredAccess, IN KPROCESSOR_MODE PreviousMode)
Definition: priv.c:560
SE_PRIVILEGE_ENABLED
#define SE_PRIVILEGE_ENABLED
Definition: setypes.h:63
i
GLsizei GLenum const GLvoid GLsizei GLenum GLbyte GLbyte GLbyte GLdouble GLdouble GLdouble GLfloat GLfloat GLfloat GLint GLint GLint GLshort GLshort GLshort GLubyte GLubyte GLubyte GLuint GLuint GLuint GLushort GLushort GLushort GLbyte GLbyte GLbyte GLbyte GLdouble GLdouble GLdouble GLdouble GLfloat GLfloat GLfloat GLfloat GLint GLint GLint GLint GLshort GLshort GLshort GLshort GLubyte GLubyte GLubyte GLubyte GLuint GLuint GLuint GLuint GLushort GLushort GLushort GLushort GLboolean const GLdouble const GLfloat const GLint const GLshort const GLbyte const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLdouble const GLfloat const GLfloat const GLint const GLint const GLshort const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort GLenum GLenum GLenum GLfloat GLenum GLint GLenum GLenum GLenum GLfloat GLenum GLenum GLint GLenum GLfloat GLenum GLint GLint GLushort GLenum GLenum GLfloat GLenum GLenum GLint GLfloat const GLubyte GLenum GLenum GLenum const GLfloat GLenum GLenum const GLint GLenum GLint GLint GLsizei GLsizei GLint GLenum GLenum const GLvoid GLenum GLenum const GLfloat GLenum GLenum const GLint GLenum GLenum const GLdouble GLenum GLenum const GLfloat GLenum GLenum const GLint GLsizei GLuint GLfloat GLuint GLbitfield GLfloat GLint GLuint GLboolean GLenum GLfloat GLenum GLbitfield GLenum GLfloat GLfloat GLint GLint const GLfloat GLenum GLfloat GLfloat GLint GLint GLfloat GLfloat GLint GLint const GLfloat GLint GLfloat GLfloat GLint GLfloat GLfloat GLint GLfloat GLfloat const GLdouble const GLfloat const GLdouble const GLfloat GLint i
Definition: glfuncs.h:248
ObReferenceObjectByHandle
NTSTATUS NTAPI ObReferenceObjectByHandle(IN HANDLE Handle, IN ACCESS_MASK DesiredAccess, IN POBJECT_TYPE ObjectType, IN KPROCESSOR_MODE AccessMode, OUT PVOID *Object, OUT POBJECT_HANDLE_INFORMATION HandleInformation OPTIONAL)
Definition: obref.c:496
NTAPI
NTSTATUS(* NTAPI)(IN PFILE_FULL_EA_INFORMATION EaBuffer, IN ULONG EaLength, OUT PULONG ErrorOffset)
Definition: IoEaTest.cpp:117
SE_TCB_PRIVILEGE
#define SE_TCB_PRIVILEGE
Definition: security.c:661
SeImpersonatePrivilege
const LUID SeImpersonatePrivilege
Definition: priv.c:50
_LUID
Definition: devicetopology.idl:136
RtlEqualLuid
#define RtlEqualLuid(Luid1, Luid2)
Definition: rtlfuncs.h:301
SeShutdownPrivilege
const LUID SeShutdownPrivilege
Definition: priv.c:40
PRIVILEGE_SET_ALL_NECESSARY
#define PRIVILEGE_SET_ALL_NECESSARY
Definition: setypes.h:83
SE_CREATE_GLOBAL_PRIVILEGE
#define SE_CREATE_GLOBAL_PRIVILEGE
Definition: security.c:684
EXCEPTION_EXECUTE_HANDLER
#define EXCEPTION_EXECUTE_HANDLER
Definition: excpt.h:85
SeAppendPrivileges
NTSTATUS NTAPI SeAppendPrivileges(IN OUT PACCESS_STATE AccessState, IN PPRIVILEGE_SET Privileges)
Definition: priv.c:407
SeRemoteShutdownPrivilege
const LUID SeRemoteShutdownPrivilege
Definition: priv.c:45
BOOLEAN
unsigned char BOOLEAN
Definition: ProcessorBind.h:185
NULL
smooth NULL
Definition: ftsmooth.c:416
SeTokenObjectType
POBJECT_TYPE SeTokenObjectType
Definition: token.c:34
SE_RELABEL_PRIVILEGE
#define SE_RELABEL_PRIVILEGE
Definition: setypes.h:183
Result
_At_(*)(_In_ PWSK_CLIENT Client, _In_opt_ PUNICODE_STRING NodeName, _In_opt_ PUNICODE_STRING ServiceName, _In_opt_ ULONG NameSpace, _In_opt_ GUID *Provider, _In_opt_ PADDRINFOEXW Hints, _Outptr_ PADDRINFOEXW *Result, _In_opt_ PEPROCESS OwningProcess, _In_opt_ PETHREAD OwningThread, _Inout_ PIRP Irp Result)(Mem)) NTSTATUS(WSKAPI *PFN_WSK_GET_ADDRESS_INFO
Definition: wsk.h:426
DPRINT
void DPRINT(...)
Definition: polytest.cpp:61
SE_TIME_ZONE_PRIVILEGE
#define SE_TIME_ZONE_PRIVILEGE
Definition: setypes.h:185
SeUnsolicitedInputPrivilege
const LUID SeUnsolicitedInputPrivilege
Definition: priv.c:27
SE_UNDOCK_PRIVILEGE
#define SE_UNDOCK_PRIVILEGE
Definition: security.c:679
SE_SHUTDOWN_PRIVILEGE
#define SE_SHUTDOWN_PRIVILEGE
Definition: security.c:673
SE_PRIVILEGE_USED_FOR_ACCESS
#define SE_PRIVILEGE_USED_FOR_ACCESS
Definition: setypes.h:65
_PRIVILEGE_SET::PrivilegeCount
$ULONG PrivilegeCount
Definition: setypes.h:86
SepSinglePrivilegeCheck
NTSTATUS NTAPI SepSinglePrivilegeCheck(LUID PrivilegeValue, PTOKEN Token, KPROCESSOR_MODE PreviousMode)
Definition: priv.c:138
j
GLsizei GLenum const GLvoid GLsizei GLenum GLbyte GLbyte GLbyte GLdouble GLdouble GLdouble GLfloat GLfloat GLfloat GLint GLint GLint GLshort GLshort GLshort GLubyte GLubyte GLubyte GLuint GLuint GLuint GLushort GLushort GLushort GLbyte GLbyte GLbyte GLbyte GLdouble GLdouble GLdouble GLdouble GLfloat GLfloat GLfloat GLfloat GLint GLint GLint GLint GLshort GLshort GLshort GLshort GLubyte GLubyte GLubyte GLubyte GLuint GLuint GLuint GLuint GLushort GLushort GLushort GLushort GLboolean const GLdouble const GLfloat const GLint const GLshort const GLbyte const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLdouble const GLfloat const GLfloat const GLint const GLint const GLshort const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort GLenum GLenum GLenum GLfloat GLenum GLint GLenum GLenum GLenum GLfloat GLenum GLenum GLint GLenum GLfloat GLenum GLint GLint GLushort GLenum GLenum GLfloat GLenum GLenum GLint GLfloat const GLubyte GLenum GLenum GLenum const GLfloat GLenum GLenum const GLint GLenum GLint GLint GLsizei GLsizei GLint GLenum GLenum const GLvoid GLenum GLenum const GLfloat GLenum GLenum const GLint GLenum GLenum const GLdouble GLenum GLenum const GLfloat GLenum GLenum const GLint GLsizei GLuint GLfloat GLuint GLbitfield GLfloat GLint GLuint GLboolean GLenum GLfloat GLenum GLbitfield GLenum GLfloat GLfloat GLint GLint const GLfloat GLenum GLfloat GLfloat GLint GLint GLfloat GLfloat GLint GLint const GLfloat GLint GLfloat GLfloat GLint GLfloat GLfloat GLint GLfloat GLfloat const GLdouble const GLfloat const GLdouble const GLfloat GLint GLint GLint j
Definition: glfuncs.h:250
SeBackupPrivilege
const LUID SeBackupPrivilege
Definition: priv.c:38
SE_CREATE_PAGEFILE_PRIVILEGE
#define SE_CREATE_PAGEFILE_PRIVILEGE
Definition: security.c:669
SE_INCREASE_QUOTA_PRIVILEGE
#define SE_INCREASE_QUOTA_PRIVILEGE
Definition: security.c:659
SE_CHANGE_NOTIFY_PRIVILEGE
#define SE_CHANGE_NOTIFY_PRIVILEGE
Definition: security.c:677
SeIncreaseBasePriorityPrivilege
const LUID SeIncreaseBasePriorityPrivilege
Definition: priv.c:35
_Out_opt_
#define _Out_opt_
Definition: no_sal2.h:339
SE_SECURITY_PRIVILEGE
#define SE_SECURITY_PRIVILEGE
Definition: security.c:662
PreviousMode
_In_ KPROCESSOR_MODE PreviousMode
Definition: sefuncs.h:103
_ACCESS_STATE
Definition: setypes.h:196
SeSecurityPrivilege
const LUID SeSecurityPrivilege
Definition: priv.c:29
TOKEN_QUERY
#define TOKEN_QUERY
Definition: setypes.h:874
_SEH2_YIELD
#define _SEH2_YIELD(STMT_)
Definition: pseh2_64.h:8
SePrivilegePolicyCheck
NTSTATUS NTAPI SePrivilegePolicyCheck(_Inout_ PACCESS_MASK DesiredAccess, _Inout_ PACCESS_MASK GrantedAccess, _In_ PSECURITY_SUBJECT_CONTEXT SubjectContext, _In_ PTOKEN Token, _Out_opt_ PPRIVILEGE_SET *OutPrivilegeSet, _In_ KPROCESSOR_MODE PreviousMode)
Definition: priv.c:158
SepPrivilegeCheck
BOOLEAN NTAPI SepPrivilegeCheck(PTOKEN Token, PLUID_AND_ATTRIBUTES Privileges, ULONG PrivilegeCount, ULONG PrivilegeControl, KPROCESSOR_MODE PreviousMode)
Definition: priv.c:72
NT_SUCCESS
#define NT_SUCCESS(StatCode)
Definition: apphelp.c:32
SeSystemProfilePrivilege
const LUID SeSystemProfilePrivilege
Definition: priv.c:32
SePrivilegedServiceAuditAlarm
VOID NTAPI SePrivilegedServiceAuditAlarm(_In_opt_ PUNICODE_STRING ServiceName, _In_ PSECURITY_SUBJECT_CONTEXT SubjectContext, _In_ PPRIVILEGE_SET PrivilegeSet, _In_ BOOLEAN AccessGranted)
Definition: audit.c:214
TAG_LUID
#define TAG_LUID
Definition: tag.h:178
POOL_TYPE
INT POOL_TYPE
Definition: typedefs.h:77
AccessMask
_In_ ACCESS_MASK AccessMask
Definition: exfuncs.h:186
Index
static const UCHAR Index[8]
Definition: usbohci.c:18
BufferSize
#define BufferSize
Definition: classpnp.h:419
SE_REMOTE_SHUTDOWN_PRIVILEGE
#define SE_REMOTE_SHUTDOWN_PRIVILEGE
Definition: security.c:678
ProbeForWriteBoolean
#define ProbeForWriteBoolean(Ptr)
Definition: probe.h:31
_Inout_
#define _Inout_
Definition: no_sal2.h:244
Privilege
BOOL Privilege(LPTSTR pszPrivilege, BOOL bEnable)
Definition: user_lib.cpp:531
Length
_In_ ULONG _In_ ULONG _In_ ULONG Length
Definition: ntddpcm.h:101
KPROCESSOR_MODE
CCHAR KPROCESSOR_MODE
Definition: ketypes.h:7
SeAssignPrimaryTokenPrivilege
const LUID SeAssignPrimaryTokenPrivilege
Definition: priv.c:24
SeChangeNotifyPrivilege
const LUID SeChangeNotifyPrivilege
Definition: priv.c:44
Privileges
_In_ PSECURITY_SUBJECT_CONTEXT _In_ BOOLEAN _In_ ACCESS_MASK _In_ ACCESS_MASK _Outptr_opt_ PPRIVILEGE_SET * Privileges
Definition: sefuncs.h:13
CONST_LUID
#define CONST_LUID(x1, x2)
Definition: priv.c:22
ASSERT
ASSERT((InvokeOnSuccess||InvokeOnError||InvokeOnCancel) ?(CompletionRoutine !=NULL) :TRUE)
AccessState
_In_opt_ PVOID _In_opt_ PUNICODE_STRING _In_ PSECURITY_DESCRIPTOR _In_ PACCESS_STATE AccessState
Definition: sefuncs.h:414
SeSystemtimePrivilege
const LUID SeSystemtimePrivilege
Definition: priv.c:33
ExAllocatePoolWithTag
#define ExAllocatePoolWithTag(hernya, size, tag)
Definition: env_spec_w32.h:350
SeCreateSymbolicLinkPrivilege
const LUID SeCreateSymbolicLinkPrivilege
Definition: priv.c:56
SeCheckAuditPrivilege
BOOLEAN NTAPI SeCheckAuditPrivilege(_In_ PSECURITY_SUBJECT_CONTEXT SubjectContext, _In_ KPROCESSOR_MODE PreviousMode)
Definition: priv.c:257
PBOOLEAN
char * PBOOLEAN
Definition: retypes.h:11
ProbeForRead
VOID NTAPI ProbeForRead(IN CONST VOID *Address, IN SIZE_T Length, IN ULONG Alignment)
Definition: exintrin.c:102
SeCreateGlobalPrivilege
const LUID SeCreateGlobalPrivilege
Definition: priv.c:51
SepReleaseTokenLock
#define SepReleaseTokenLock(Token)
Definition: se.h:211
SeLockMemoryPrivilege
const LUID SeLockMemoryPrivilege
Definition: priv.c:25
SeIncreaseQuotaPrivilege
const LUID SeIncreaseQuotaPrivilege
Definition: priv.c:26
SE_INC_BASE_PRIORITY_PRIVILEGE
#define SE_INC_BASE_PRIORITY_PRIVILEGE
Definition: security.c:668
SeUndockPrivilege
const LUID SeUndockPrivilege
Definition: priv.c:46
SePrivilegeCheck
BOOLEAN NTAPI SePrivilegeCheck(PPRIVILEGE_SET Privileges, PSECURITY_SUBJECT_CONTEXT SubjectContext, KPROCESSOR_MODE PreviousMode)
Definition: priv.c:491
Status
Status
Definition: gdiplustypes.h:24
SE_ENABLE_DELEGATION_PRIVILEGE
#define SE_ENABLE_DELEGATION_PRIVILEGE
Definition: security.c:681
_In_
#define _In_
Definition: no_sal2.h:204
SeIncreaseWorkingSetPrivilege
const LUID SeIncreaseWorkingSetPrivilege
Definition: priv.c:54
SeDebugPrivilege
const LUID SeDebugPrivilege
Definition: priv.c:41
SIZE_T
ULONG_PTR SIZE_T
Definition: typedefs.h:79
SE_IMPERSONATE_PRIVILEGE
#define SE_IMPERSONATE_PRIVILEGE
Definition: security.c:683
_AUX_ACCESS_DATA
Definition: setypes.h:185
_SEH2_END
_SEH2_END
Definition: create.c:4400
SE_MANAGE_VOLUME_PRIVILEGE
#define SE_MANAGE_VOLUME_PRIVILEGE
Definition: security.c:682
SeCreateTokenPrivilege
const LUID SeCreateTokenPrivilege
Definition: priv.c:23
SeFreePrivileges
VOID NTAPI SeFreePrivileges(IN PPRIVILEGE_SET Privileges)
Definition: priv.c:480
SeTakeOwnershipPrivilege
const LUID SeTakeOwnershipPrivilege
Definition: priv.c:30
DesiredAccess
_In_ PIO_STACK_LOCATION _Inout_ PFILE_OBJECT _Inout_ PVCB _Outptr_result_maybenull_ PDCB _In_ PDCB _In_ PDIRENT _In_ ULONG _In_ ULONG _In_ PUNICODE_STRING _In_ PACCESS_MASK DesiredAccess
Definition: create.c:4137
SeReleaseLuidAndAttributesArray
VOID NTAPI SeReleaseLuidAndAttributesArray(PLUID_AND_ATTRIBUTES Privilege, KPROCESSOR_MODE PreviousMode, BOOLEAN CaptureIfKernel)
Definition: priv.c:387
FIELD_OFFSET
#define FIELD_OFFSET(t, f)
Definition: typedefs.h:254
SE_SYSTEM_PROFILE_PRIVILEGE
#define SE_SYSTEM_PROFILE_PRIVILEGE
Definition: security.c:665
SeManageVolumePrivilege
const LUID SeManageVolumePrivilege
Definition: priv.c:49
PULONG
unsigned int * PULONG
Definition: retypes.h:1
SepInitPrivileges
INIT_FUNCTION VOID NTAPI SepInitPrivileges(VOID)
Definition: priv.c:64
INITIAL_PRIVILEGE_COUNT
#define INITIAL_PRIVILEGE_COUNT
Definition: setypes.h:144
SE_PROF_SINGLE_PROCESS_PRIVILEGE
#define SE_PROF_SINGLE_PROCESS_PRIVILEGE
Definition: security.c:667
_SECURITY_SUBJECT_CONTEXT
Definition: setypes.h:189
SeCaptureLuidAndAttributesArray
NTSTATUS NTAPI SeCaptureLuidAndAttributesArray(PLUID_AND_ATTRIBUTES Src, ULONG PrivilegeCount, KPROCESSOR_MODE PreviousMode, PLUID_AND_ATTRIBUTES AllocatedMem, ULONG AllocatedLength, POOL_TYPE PoolType, BOOLEAN CaptureIfKernel, PLUID_AND_ATTRIBUTES *Dest, PULONG Length)
Definition: priv.c:291
SepAcquireTokenLockShared
#define SepAcquireTokenLockShared(Token)
Definition: se.h:205
SE_SYSTEM_ENVIRONMENT_PRIVILEGE
#define SE_SYSTEM_ENVIRONMENT_PRIVILEGE
Definition: security.c:676
_PRIVILEGE_SET::Privilege
LUID_AND_ATTRIBUTES Privilege[ANYSIZE_ARRAY]
Definition: setypes.h:88
SePrivilegeObjectAuditAlarm
VOID NTAPI SePrivilegeObjectAuditAlarm(IN HANDLE Handle, IN PSECURITY_SUBJECT_CONTEXT SubjectContext, IN ACCESS_MASK DesiredAccess, IN PPRIVILEGE_SET Privileges, IN BOOLEAN AccessGranted, IN KPROCESSOR_MODE CurrentMode)
Definition: audit.c:845
OUT
#define OUT
Definition: typedefs.h:40
SE_ASSIGNPRIMARYTOKEN_PRIVILEGE
#define SE_ASSIGNPRIMARYTOKEN_PRIVILEGE
Definition: security.c:657
ULONG
unsigned int ULONG
Definition: retypes.h:1
PACCESS_MASK
ACCESS_MASK * PACCESS_MASK
Definition: nt_native.h:41
SE_BACKUP_PRIVILEGE
#define SE_BACKUP_PRIVILEGE
Definition: security.c:671
SeEnableDelegationPrivilege
const LUID SeEnableDelegationPrivilege
Definition: priv.c:48
_SEH2_EXCEPT
#define _SEH2_EXCEPT(...)
Definition: pseh2_64.h:6
_LUID_AND_ATTRIBUTES::Luid
LUID Luid
Definition: setypes.h:74
TAG_PRIVILEGE_SET
#define TAG_PRIVILEGE_SET
Definition: tag.h:179
ExFreePoolWithTag
#define ExFreePoolWithTag(_P, _T)
Definition: module.h:1099
_SEH2_GetExceptionCode
#define _SEH2_GetExceptionCode()
Definition: pseh2_64.h:12
SeRelabelPrivilege
const LUID SeRelabelPrivilege
Definition: priv.c:53
Required
struct _MEMORY_AREA struct _MM_REQUIRED_RESOURCES * Required
Definition: newmm.h:66
SeSystemEnvironmentPrivilege
const LUID SeSystemEnvironmentPrivilege
Definition: priv.c:43
GrantedAccess
_In_ PSECURITY_SUBJECT_CONTEXT _In_ BOOLEAN _In_ ACCESS_MASK _In_ ACCESS_MASK _Outptr_opt_ PPRIVILEGE_SET _In_ PGENERIC_MAPPING _In_ KPROCESSOR_MODE _Out_ PACCESS_MASK GrantedAccess
Definition: sefuncs.h:13
STATUS_SUCCESS
return STATUS_SUCCESS
Definition: btrfs.c:3014
_TOKEN
Definition: setypes.h:151
PoolType
_Must_inspect_result_ _In_ FLT_CONTEXT_TYPE _In_ SIZE_T _In_ POOL_TYPE PoolType
Definition: fltkernel.h:1444
SE_AUDIT_PRIVILEGE
#define SE_AUDIT_PRIVILEGE
Definition: security.c:675
ACCESS_MASK
ULONG ACCESS_MASK
Definition: nt_native.h:40
SeTrustedCredmanPrivilege
const LUID SeTrustedCredmanPrivilege
Definition: priv.c:52
PAGED_CODE
#define PAGED_CODE()
Definition: Bus_PDO_QueryResourceRequirements.c:89