18#define SE_MAXIMUM_PRIVILEGE_LIMIT 0x3C
20#define CONST_LUID(x1, x2) {x1, x2}
115 DPRINT(
"SepPrivilegeCheck() called\n");
129 for (
i = 0;
i < PrivilegeCount;
i++)
132 for (
j = 0;
j <
Token->PrivilegeCount;
j++)
137 DPRINT(
"Found privilege. Attributes: %lx\n",
138 Token->Privileges[
j].Attributes);
301 if (OutPrivilegeSet !=
NULL)
304 if (PrivilegeCount > 0)
309 *OutPrivilegeSet = PrivilegeSet;
310 if (PrivilegeSet ==
NULL)
334 *OutPrivilegeSet =
NULL;
454 if (PrivilegeCount == 0)
494 if (AllocatedMem !=
NULL)
501 *Dest = AllocatedMem;
593 ULONG OldPrivilegeSetSize;
594 ULONG NewPrivilegeSetSize;
610 NewPrivilegeSetSize = OldPrivilegeSetSize +
617 if (PrivilegeSet ==
NULL)
623 OldPrivilegeSetSize);
875 ULONG PrivilegeCount = 0;
876 ULONG PrivilegeControl = 0;
896 PrivilegeCount = RequiredPrivileges->PrivilegeCount;
897 PrivilegeControl = RequiredPrivileges->Control;
902 sizeof(RequiredPrivileges->Privilege[0]) != PrivilegeCount)
924 PrivilegeCount = RequiredPrivileges->PrivilegeCount;
925 PrivilegeControl = RequiredPrivileges->Control;
#define STATUS_PRIVILEGE_NOT_HELD
#define NT_SUCCESS(StatCode)
#define ExAllocatePoolWithTag(hernya, size, tag)
#define ROUND_UP(n, align)
VOID NTAPI ProbeForRead(IN CONST VOID *Address, IN SIZE_T Length, IN ULONG Alignment)
VOID NTAPI ProbeForWrite(IN PVOID Address, IN SIZE_T Length, IN ULONG Alignment)
_Inout_ PLIST_ENTRY _In_ PVOID _In_ PSTRING _In_ BOOLEAN _In_ BOOLEAN _In_ ULONG _In_ PFLT_CALLBACK_DATA _In_opt_ PCHECK_FOR_TRAVERSE_ACCESS _In_opt_ PSECURITY_SUBJECT_CONTEXT SubjectContext
#define EXCEPTION_EXECUTE_HANDLER
#define ExFreePoolWithTag(_P, _T)
#define SE_TAKE_OWNERSHIP_PRIVILEGE
#define SE_SYSTEM_PROFILE_PRIVILEGE
#define SE_SYNC_AGENT_PRIVILEGE
#define SE_REMOTE_SHUTDOWN_PRIVILEGE
#define SE_ASSIGNPRIMARYTOKEN_PRIVILEGE
#define SE_IMPERSONATE_PRIVILEGE
#define SE_DEBUG_PRIVILEGE
#define SE_CREATE_TOKEN_PRIVILEGE
#define SE_SYSTEMTIME_PRIVILEGE
#define SE_CREATE_PERMANENT_PRIVILEGE
#define SE_SECURITY_PRIVILEGE
#define SE_AUDIT_PRIVILEGE
#define SE_SYSTEM_ENVIRONMENT_PRIVILEGE
#define SE_MANAGE_VOLUME_PRIVILEGE
#define SE_INC_BASE_PRIORITY_PRIVILEGE
#define SE_UNDOCK_PRIVILEGE
#define SE_SHUTDOWN_PRIVILEGE
#define SE_LOCK_MEMORY_PRIVILEGE
#define SE_BACKUP_PRIVILEGE
#define SE_RESTORE_PRIVILEGE
#define SE_PROF_SINGLE_PROCESS_PRIVILEGE
#define SE_CHANGE_NOTIFY_PRIVILEGE
#define SE_ENABLE_DELEGATION_PRIVILEGE
#define SE_INCREASE_QUOTA_PRIVILEGE
#define SE_LOAD_DRIVER_PRIVILEGE
#define SE_CREATE_GLOBAL_PRIVILEGE
#define SE_CREATE_PAGEFILE_PRIVILEGE
#define KeGetPreviousMode()
_In_ ACCESS_MASK AccessMask
_In_ PMEMORY_AREA _In_ PVOID _In_ BOOLEAN _Inout_ PMM_REQUIRED_RESOURCES Required
#define ACCESS_SYSTEM_SECURITY
ACCESS_MASK * PACCESS_MASK
_In_ ULONG _In_ ULONG _In_ ULONG Length
#define SepAcquireTokenLockShared(Token)
VOID NTAPI SePrivilegedServiceAuditAlarm(_In_opt_ PUNICODE_STRING ServiceName, _In_ PSECURITY_SUBJECT_CONTEXT SubjectContext, _In_ PPRIVILEGE_SET PrivilegeSet, _In_ BOOLEAN AccessGranted)
Performs an audit alarm for a privileged service request.
#define SepReleaseTokenLock(Token)
VOID NTAPI SePrivilegeObjectAuditAlarm(_In_ HANDLE Handle, _In_ PSECURITY_SUBJECT_CONTEXT SubjectContext, _In_ ACCESS_MASK DesiredAccess, _In_ PPRIVILEGE_SET Privileges, _In_ BOOLEAN AccessGranted, _In_ KPROCESSOR_MODE CurrentMode)
Raises an audit with an alarm notification message when an object tries to acquire this privilege.
const LUID SeDebugPrivilege
BOOLEAN NTAPI SePrivilegeCheck(_In_ PPRIVILEGE_SET Privileges, _In_ PSECURITY_SUBJECT_CONTEXT SubjectContext, _In_ KPROCESSOR_MODE PreviousMode)
Checks whether a set of privileges exists and matches within a security subject context.
const LUID SeSyncAgentPrivilege
const LUID SeSystemProfilePrivilege
const LUID SeCreateTokenPrivilege
const LUID SeBackupPrivilege
const LUID SeTrustedCredmanPrivilege
BOOLEAN NTAPI SepSinglePrivilegeCheck(_In_ LUID PrivilegeValue, _In_ PTOKEN Token, _In_ KPROCESSOR_MODE PreviousMode)
Checks only a single privilege, based upon the privilege pointed to by a LUID, and if it matches with the on...
BOOLEAN NTAPI SeCheckPrivilegedObject(_In_ LUID PrivilegeValue, _In_ HANDLE ObjectHandle, _In_ ACCESS_MASK DesiredAccess, _In_ KPROCESSOR_MODE PreviousMode)
Checks whether a privileged object has the specific privilege submitted by the caller.
const LUID SeAssignPrimaryTokenPrivilege
NTSTATUS NTAPI SeCaptureLuidAndAttributesArray(_In_ PLUID_AND_ATTRIBUTES Src, _In_ ULONG PrivilegeCount, _In_ KPROCESSOR_MODE PreviousMode, _In_opt_ PLUID_AND_ATTRIBUTES AllocatedMem, _In_opt_ ULONG AllocatedLength, _In_ POOL_TYPE PoolType, _In_ BOOLEAN CaptureIfKernel, _Out_ PLUID_AND_ATTRIBUTES *Dest, _Inout_ PULONG Length)
Captures a LUID-with-attributes structure. This function is mainly used in the context of privileges.
const LUID SeTimeZonePrivilege
NTSTATUS NTAPI NtPrivilegeCheck(_In_ HANDLE ClientToken, _In_ PPRIVILEGE_SET RequiredPrivileges, _Out_ PBOOLEAN Result)
Checks whether a client access token has the required set of privileges.
NTSTATUS NTAPI SePrivilegePolicyCheck(_Inout_ PACCESS_MASK DesiredAccess, _Inout_ PACCESS_MASK GrantedAccess, _In_ PSECURITY_SUBJECT_CONTEXT SubjectContext, _In_ PTOKEN Token, _Out_opt_ PPRIVILEGE_SET *OutPrivilegeSet, _In_ KPROCESSOR_MODE PreviousMode)
Checks the security policy and returns a set of privileges based upon the said security policy contex...
BOOLEAN NTAPI SeCheckAuditPrivilege(_In_ PSECURITY_SUBJECT_CONTEXT SubjectContext, _In_ KPROCESSOR_MODE PreviousMode)
Checks a single privilege and performs an audit against a privileged service based on a security subj...
VOID NTAPI SeReleaseLuidAndAttributesArray(_In_ PLUID_AND_ATTRIBUTES Privilege, _In_ KPROCESSOR_MODE PreviousMode, _In_ BOOLEAN CaptureIfKernel)
Releases a LUID with attributes structure.
const LUID SeSystemtimePrivilege
BOOLEAN NTAPI SepPrivilegeCheck(_In_ PTOKEN Token, _In_ PLUID_AND_ATTRIBUTES Privileges, _In_ ULONG PrivilegeCount, _In_ ULONG PrivilegeControl, _In_ KPROCESSOR_MODE PreviousMode)
Checks whether the privileges pointed to by the Privileges array argument exist and match with the privilege...
const LUID SeCreateGlobalPrivilege
const LUID SeChangeNotifyPrivilege
const LUID SeImpersonatePrivilege
const LUID SeTcbPrivilege
const LUID SeManageVolumePrivilege
const LUID SeRestorePrivilege
const LUID SeRemoteShutdownPrivilege
const LUID SeLoadDriverPrivilege
const LUID SeIncreaseBasePriorityPrivilege
const LUID SeLockMemoryPrivilege
const LUID SeCreatePermanentPrivilege
#define CONST_LUID(x1, x2)
const LUID SeUndockPrivilege
const LUID SeCreatePagefilePrivilege
BOOLEAN NTAPI SeSinglePrivilegeCheck(_In_ LUID PrivilegeValue, _In_ KPROCESSOR_MODE PreviousMode)
Checks if a single privilege is present in the context of the calling thread.
const LUID SeTakeOwnershipPrivilege
const LUID SeProfileSingleProcessPrivilege
const LUID SeShutdownPrivilege
const LUID SeSystemEnvironmentPrivilege
const LUID SeSecurityPrivilege
const LUID SeUnsolicitedInputPrivilege
const LUID SeCreateSymbolicLinkPrivilege
const LUID SeEnableDelegationPrivilege
const LUID SeRelabelPrivilege
const LUID SeIncreaseWorkingSetPrivilege
VOID NTAPI SeFreePrivileges(_In_ PPRIVILEGE_SET Privileges)
Frees a set of privileges.
const LUID SeAuditPrivilege
const LUID SeIncreaseQuotaPrivilege
NTSTATUS NTAPI SeAppendPrivileges(_Inout_ PACCESS_STATE AccessState, _In_ PPRIVILEGE_SET Privileges)
Appends additional privileges.
#define SE_MAXIMUM_PRIVILEGE_LIMIT
VOID NTAPI SepInitPrivileges(VOID)
Initializes the privileges during the startup phase of the security manager module....
POBJECT_TYPE SeTokenObjectType
#define STATUS_BAD_IMPERSONATION_LEVEL
NTSTATUS NTAPI ObReferenceObjectByHandle(IN HANDLE Handle, IN ACCESS_MASK DesiredAccess, IN POBJECT_TYPE ObjectType, IN KPROCESSOR_MODE AccessMode, OUT PVOID *Object, OUT POBJECT_HANDLE_INFORMATION HandleInformation OPTIONAL)
#define _SEH2_GetExceptionCode()
#define _SEH2_EXCEPT(...)
#define _SEH2_YIELD(__stmt)
#define ProbeForWriteBoolean(Ptr)
#define STATUS_BUFFER_TOO_SMALL
PPRIVILEGE_SET PrivilegesUsed
LUID_AND_ATTRIBUTES Privilege[ANYSIZE_ARRAY]
VOID NTAPI SeReleaseSubjectContext(_In_ PSECURITY_SUBJECT_CONTEXT SubjectContext)
Releases both the primary and client tokens of a security subject context.
VOID NTAPI SeCaptureSubjectContext(_Out_ PSECURITY_SUBJECT_CONTEXT SubjectContext)
Captures the security subject context of the calling thread and calling process.
#define TAG_PRIVILEGE_SET
#define FIELD_OFFSET(t, f)
#define RtlCopyMemory(Destination, Source, Length)
#define STATUS_INVALID_PARAMETER
#define STATUS_INSUFFICIENT_RESOURCES
BOOL Privilege(LPTSTR pszPrivilege, BOOL bEnable)
_In_ WDFCOLLECTION _In_ ULONG Index
_Must_inspect_result_ _In_ WDFDEVICE _In_ ULONG _In_ ACCESS_MASK DesiredAccess
_Must_inspect_result_ _In_ WDFDEVICE _In_ DEVICE_REGISTRY_PROPERTY _In_ _Strict_type_match_ POOL_TYPE PoolType
_In_ WDFMEMORY _Out_opt_ size_t * BufferSize
_At_(*)(_In_ PWSK_CLIENT Client, _In_opt_ PUNICODE_STRING NodeName, _In_opt_ PUNICODE_STRING ServiceName, _In_opt_ ULONG NameSpace, _In_opt_ GUID *Provider, _In_opt_ PADDRINFOEXW Hints, _Outptr_ PADDRINFOEXW *Result, _In_opt_ PEPROCESS OwningProcess, _In_opt_ PETHREAD OwningThread, _Inout_ PIRP Irp Result)(Mem)) NTSTATUS(WSKAPI *PFN_WSK_GET_ADDRESS_INFO
#define ObDereferenceObject
#define RtlEqualLuid(Luid1, Luid2)
_In_ PSECURITY_SUBJECT_CONTEXT _In_ BOOLEAN _In_ ACCESS_MASK _In_ ACCESS_MASK _Outptr_opt_ PPRIVILEGE_SET * Privileges
_In_ KPROCESSOR_MODE PreviousMode
_In_opt_ PVOID _In_opt_ PUNICODE_STRING _In_ PSECURITY_DESCRIPTOR _In_ PACCESS_STATE AccessState
_In_ PSECURITY_SUBJECT_CONTEXT _In_ BOOLEAN _In_ ACCESS_MASK _In_ ACCESS_MASK _Outptr_opt_ PPRIVILEGE_SET _In_ PGENERIC_MAPPING _In_ KPROCESSOR_MODE _Out_ PACCESS_MASK GrantedAccess
struct _LUID_AND_ATTRIBUTES LUID_AND_ATTRIBUTES
#define SE_PRIVILEGE_USED_FOR_ACCESS
#define SE_INC_WORKING_SET_PRIVILEGE
#define SE_RELABEL_PRIVILEGE
#define SE_PRIVILEGE_ENABLED
#define PRIVILEGE_SET_ALL_NECESSARY
#define SE_TIME_ZONE_PRIVILEGE
#define SE_CREATE_SYMBOLIC_LINK_PRIVILEGE
#define INITIAL_PRIVILEGE_COUNT
struct _PRIVILEGE_SET PRIVILEGE_SET
#define SE_TRUSTED_CREDMAN_ACCESS_PRIVILEGE