ReactOS  0.4.11-dev-721-g95bc44e
priv.c
Go to the documentation of this file.
1 /*
2  * COPYRIGHT: See COPYING in the top level directory
3  * PROJECT: ReactOS kernel
4  * FILE: ntoskrnl/se/priv.c
5  * PURPOSE: Security manager
6  *
7  * PROGRAMMERS: No programmer listed.
8  */
9 
10 /* INCLUDES ******************************************************************/
11 
12 #include <ntoskrnl.h>
13 #define NDEBUG
14 #include <debug.h>
15 
16 #if defined (ALLOC_PRAGMA)
17 #pragma alloc_text(INIT, SepInitPrivileges)
18 #endif
19 
20 /* GLOBALS ********************************************************************/
21 
22 #define CONST_LUID(x1, x2) {x1, x2}
57 
58 
59 /* PRIVATE FUNCTIONS **********************************************************/
60 
61 VOID
63 NTAPI
65 {
66 
67 }
68 
69 
70 BOOLEAN
71 NTAPI
74  ULONG PrivilegeCount,
75  ULONG PrivilegeControl,
77 {
78  ULONG i;
79  ULONG j;
81 
82  DPRINT("SepPrivilegeCheck() called\n");
83 
84  PAGED_CODE();
85 
86  if (PreviousMode == KernelMode)
87  return TRUE;
88 
89  /* Get the number of privileges that are required to match */
90  Required = (PrivilegeControl & PRIVILEGE_SET_ALL_NECESSARY) ? PrivilegeCount : 1;
91 
92  /* Acquire a shared token lock */
94 
95  /* Loop all requested privileges until we found the required ones */
96  for (i = 0; i < PrivilegeCount; i++)
97  {
98  /* Loop the privileges of the token */
99  for (j = 0; j < Token->PrivilegeCount; j++)
100  {
101  /* Check if the LUIDs match */
102  if (RtlEqualLuid(&Token->Privileges[j].Luid, &Privileges[i].Luid))
103  {
104  DPRINT("Found privilege. Attributes: %lx\n",
105  Token->Privileges[j].Attributes);
106 
107  /* Check if the privilege is enabled */
109  {
111  Required--;
112 
113  /* Check if we have found all privileges */
114  if (Required == 0)
115  {
116  /* We're done! */
117  SepReleaseTokenLock(Token);
118  return TRUE;
119  }
120  }
121 
122  /* Leave the inner loop */
123  break;
124  }
125  }
126  }
127 
128  /* Release the token lock */
129  SepReleaseTokenLock(Token);
130 
131  /* When we reached this point, we did not find all privileges */
132  ASSERT(Required > 0);
133  return FALSE;
134 }
135 
136 NTSTATUS
137 NTAPI
139  LUID PrivilegeValue,
140  PTOKEN Token,
142 {
144  PAGED_CODE();
145  ASSERT(!RtlEqualLuid(&PrivilegeValue, &SeTcbPrivilege));
146 
147  Privilege.Luid = PrivilegeValue;
148  Privilege.Attributes = SE_PRIVILEGE_ENABLED;
149  return SepPrivilegeCheck(Token,
150  &Privilege,
151  1,
153  PreviousMode);
154 }
155 
156 NTSTATUS
157 NTAPI
162  _In_ PTOKEN Token,
163  _Out_opt_ PPRIVILEGE_SET *OutPrivilegeSet,
165 {
166  SIZE_T PrivilegeSize;
167  PPRIVILEGE_SET PrivilegeSet;
168  ULONG PrivilegeCount = 0, Index = 0;
170  PAGED_CODE();
171 
172  /* Check if we have a security subject context */
173  if (SubjectContext != NULL)
174  {
175  /* Check if there is a client impersonation token */
176  if (SubjectContext->ClientToken != NULL)
177  Token = SubjectContext->ClientToken;
178  else
179  Token = SubjectContext->PrimaryToken;
180  }
181 
182  /* Check if the caller wants ACCESS_SYSTEM_SECURITY access */
183  if (*DesiredAccess & ACCESS_SYSTEM_SECURITY)
184  {
185  /* Do the privilege check */
186  if (SepSinglePrivilegeCheck(SeSecurityPrivilege, Token, PreviousMode))
187  {
188  /* Remember this access flag */
189  AccessMask |= ACCESS_SYSTEM_SECURITY;
190  PrivilegeCount++;
191  }
192  else
193  {
195  }
196  }
197 
198  /* Check if the caller wants WRITE_OWNER access */
199  if (*DesiredAccess & WRITE_OWNER)
200  {
201  /* Do the privilege check */
202  if (SepSinglePrivilegeCheck(SeTakeOwnershipPrivilege, Token, PreviousMode))
203  {
204  /* Remember this access flag */
205  AccessMask |= WRITE_OWNER;
206  PrivilegeCount++;
207  }
208  }
209 
210  /* Update the access masks */
211  *GrantedAccess |= AccessMask;
212  *DesiredAccess &= ~AccessMask;
213 
214  /* Does the caller want a privilege set? */
215  if (OutPrivilegeSet != NULL)
216  {
217  /* Do we have any privileges to report? */
218  if (PrivilegeCount > 0)
219  {
220  /* Calculate size and allocate the structure */
221  PrivilegeSize = FIELD_OFFSET(PRIVILEGE_SET, Privilege[PrivilegeCount]);
222  PrivilegeSet = ExAllocatePoolWithTag(PagedPool, PrivilegeSize, TAG_PRIVILEGE_SET);
223  *OutPrivilegeSet = PrivilegeSet;
224  if (PrivilegeSet == NULL)
225  {
227  }
228 
229  PrivilegeSet->PrivilegeCount = PrivilegeCount;
230  PrivilegeSet->Control = 0;
231 
232  if (AccessMask & WRITE_OWNER)
233  {
234  PrivilegeSet->Privilege[Index].Luid = SeTakeOwnershipPrivilege;
236  Index++;
237  }
238 
239  if (AccessMask & ACCESS_SYSTEM_SECURITY)
240  {
241  PrivilegeSet->Privilege[Index].Luid = SeSecurityPrivilege;
243  }
244  }
245  else
246  {
247  /* No privileges, no structure */
248  *OutPrivilegeSet = NULL;
249  }
250  }
251 
252  return STATUS_SUCCESS;
253 }
254 
255 BOOLEAN
256 NTAPI
260 {
261  PRIVILEGE_SET PrivilegeSet;
262  BOOLEAN Result;
263  PAGED_CODE();
264 
265  /* Initialize the privilege set with the single privilege */
266  PrivilegeSet.PrivilegeCount = 1;
267  PrivilegeSet.Control = PRIVILEGE_SET_ALL_NECESSARY;
268  PrivilegeSet.Privilege[0].Luid = SeAuditPrivilege;
269  PrivilegeSet.Privilege[0].Attributes = 0;
270 
271  /* Check against the primary token! */
272  Result = SepPrivilegeCheck(SubjectContext->PrimaryToken,
273  &PrivilegeSet.Privilege[0],
274  1,
276  PreviousMode);
277 
278  if (PreviousMode != KernelMode)
279  {
281  SubjectContext,
282  &PrivilegeSet,
283  Result);
284  }
285 
286  return Result;
287 }
288 
289 NTSTATUS
290 NTAPI
292  ULONG PrivilegeCount,
294  PLUID_AND_ATTRIBUTES AllocatedMem,
295  ULONG AllocatedLength,
297  BOOLEAN CaptureIfKernel,
298  PLUID_AND_ATTRIBUTES *Dest,
299  PULONG Length)
300 {
303 
304  PAGED_CODE();
305 
306  if (PrivilegeCount == 0)
307  {
308  *Dest = 0;
309  *Length = 0;
310  return STATUS_SUCCESS;
311  }
312 
313  if (PreviousMode == KernelMode && !CaptureIfKernel)
314  {
315  *Dest = Src;
316  return STATUS_SUCCESS;
317  }
318 
319  /* FIXME - check PrivilegeCount for a valid number so we don't
320  cause an integer overflow or exhaust system resources! */
321 
322  BufferSize = PrivilegeCount * sizeof(LUID_AND_ATTRIBUTES);
323  *Length = ROUND_UP(BufferSize, 4); /* round up to a 4 byte alignment */
324 
325  /* probe the buffer */
326  if (PreviousMode != KernelMode)
327  {
328  _SEH2_TRY
329  {
330  ProbeForRead(Src,
331  BufferSize,
332  sizeof(ULONG));
333  }
335  {
336  /* Return the exception code */
338  }
339  _SEH2_END;
340  }
341 
342  /* allocate enough memory or check if the provided buffer is
343  large enough to hold the array */
344  if (AllocatedMem != NULL)
345  {
346  if (AllocatedLength < BufferSize)
347  {
349  }
350 
351  *Dest = AllocatedMem;
352  }
353  else
354  {
355  *Dest = ExAllocatePoolWithTag(PoolType,
356  BufferSize,
357  TAG_LUID);
358  if (*Dest == NULL)
359  {
361  }
362  }
363 
364  /* copy the array to the buffer */
365  _SEH2_TRY
366  {
367  RtlCopyMemory(*Dest,
368  Src,
369  BufferSize);
370  }
372  {
373  Status = _SEH2_GetExceptionCode();
374  }
375  _SEH2_END;
376 
377  if (!NT_SUCCESS(Status) && AllocatedMem == NULL)
378  {
379  ExFreePoolWithTag(*Dest, TAG_LUID);
380  }
381 
382  return Status;
383 }
384 
385 VOID
386 NTAPI
389  BOOLEAN CaptureIfKernel)
390 {
391  PAGED_CODE();
392 
393  if (Privilege != NULL &&
394  (PreviousMode != KernelMode || CaptureIfKernel))
395  {
396  ExFreePoolWithTag(Privilege, TAG_LUID);
397  }
398 }
399 
400 /* PUBLIC FUNCTIONS ***********************************************************/
401 
402 /*
403  * @implemented
404  */
405 NTSTATUS
406 NTAPI
409 {
410  PAUX_ACCESS_DATA AuxData;
411  ULONG OldPrivilegeSetSize;
412  ULONG NewPrivilegeSetSize;
413  PPRIVILEGE_SET PrivilegeSet;
414 
415  PAGED_CODE();
416 
417  /* Get the Auxiliary Data */
418  AuxData = AccessState->AuxData;
419 
420  /* Calculate the size of the old privilege set */
421  OldPrivilegeSetSize = sizeof(PRIVILEGE_SET) +
422  (AuxData->PrivilegeSet->PrivilegeCount - 1) * sizeof(LUID_AND_ATTRIBUTES);
423 
424  if (AuxData->PrivilegeSet->PrivilegeCount +
425  Privileges->PrivilegeCount > INITIAL_PRIVILEGE_COUNT)
426  {
427  /* Calculate the size of the new privilege set */
428  NewPrivilegeSetSize = OldPrivilegeSetSize +
429  Privileges->PrivilegeCount * sizeof(LUID_AND_ATTRIBUTES);
430 
431  /* Allocate a new privilege set */
432  PrivilegeSet = ExAllocatePoolWithTag(PagedPool,
433  NewPrivilegeSetSize,
435  if (PrivilegeSet == NULL)
437 
438  /* Copy original privileges from the acess state */
439  RtlCopyMemory(PrivilegeSet,
440  AuxData->PrivilegeSet,
441  OldPrivilegeSetSize);
442 
443  /* Append privileges from the privilege set*/
444  RtlCopyMemory((PVOID)((ULONG_PTR)PrivilegeSet + OldPrivilegeSetSize),
445  (PVOID)((ULONG_PTR)Privileges + sizeof(PRIVILEGE_SET) - sizeof(LUID_AND_ATTRIBUTES)),
446  Privileges->PrivilegeCount * sizeof(LUID_AND_ATTRIBUTES));
447 
448  /* Adjust the number of privileges in the new privilege set */
449  PrivilegeSet->PrivilegeCount += Privileges->PrivilegeCount;
450 
451  /* Free the old privilege set if it was allocated */
452  if (AccessState->PrivilegesAllocated != FALSE)
454 
455  /* Now we are using an allocated privilege set */
456  AccessState->PrivilegesAllocated = TRUE;
457 
458  /* Assign the new privileges to the access state */
459  AuxData->PrivilegeSet = PrivilegeSet;
460  }
461  else
462  {
463  /* Append privileges */
464  RtlCopyMemory((PVOID)((ULONG_PTR)AuxData->PrivilegeSet + OldPrivilegeSetSize),
465  (PVOID)((ULONG_PTR)Privileges + sizeof(PRIVILEGE_SET) - sizeof(LUID_AND_ATTRIBUTES)),
466  Privileges->PrivilegeCount * sizeof(LUID_AND_ATTRIBUTES));
467 
468  /* Adjust the number of privileges in the target privilege set */
469  AuxData->PrivilegeSet->PrivilegeCount += Privileges->PrivilegeCount;
470  }
471 
472  return STATUS_SUCCESS;
473 }
474 
475 /*
476  * @implemented
477  */
478 VOID
479 NTAPI
481 {
482  PAGED_CODE();
484 }
485 
486 /*
487  * @implemented
488  */
489 BOOLEAN
490 NTAPI
494 {
496 
497  PAGED_CODE();
498 
499  if (SubjectContext->ClientToken == NULL)
500  {
501  Token = SubjectContext->PrimaryToken;
502  }
503  else
504  {
505  Token = SubjectContext->ClientToken;
506  if (SubjectContext->ImpersonationLevel < 2)
507  {
508  return FALSE;
509  }
510  }
511 
512  return SepPrivilegeCheck(Token,
513  Privileges->Privilege,
514  Privileges->PrivilegeCount,
515  Privileges->Control,
516  PreviousMode);
517 }
518 
519 /*
520  * @implemented
521  */
522 BOOLEAN
523 NTAPI
526 {
528  PRIVILEGE_SET Priv;
529  BOOLEAN Result;
530 
531  PAGED_CODE();
532 
533  SeCaptureSubjectContext(&SubjectContext);
534 
535  Priv.PrivilegeCount = 1;
537  Priv.Privilege[0].Luid = PrivilegeValue;
539 
540  Result = SePrivilegeCheck(&Priv,
541  &SubjectContext,
542  PreviousMode);
543 
544  if (PreviousMode != KernelMode)
545  {
547  &SubjectContext,
548  &Priv,
549  Result);
550 
551  }
552 
553  SeReleaseSubjectContext(&SubjectContext);
554 
555  return Result;
556 }
557 
558 BOOLEAN
559 NTAPI
561  IN HANDLE ObjectHandle,
564 {
566  PRIVILEGE_SET Priv;
567  BOOLEAN Result;
568 
569  PAGED_CODE();
570 
571  SeCaptureSubjectContext(&SubjectContext);
572 
573  Priv.PrivilegeCount = 1;
575  Priv.Privilege[0].Luid = PrivilegeValue;
577 
578  Result = SePrivilegeCheck(&Priv, &SubjectContext, PreviousMode);
579  if (PreviousMode != KernelMode)
580  {
581 #if 0
582  SePrivilegeObjectAuditAlarm(ObjectHandle,
583  &SubjectContext,
584  DesiredAccess,
585  &PrivilegeValue,
586  Result,
587  PreviousMode);
588 #endif
589  }
590 
591  SeReleaseSubjectContext(&SubjectContext);
592 
593  return Result;
594 }
595 
596 /* SYSTEM CALLS ***************************************************************/
597 
598 NTSTATUS
599 NTAPI
601  IN PPRIVILEGE_SET RequiredPrivileges,
603 {
605  PTOKEN Token;
606  ULONG PrivilegeCount = 0;
607  ULONG PrivilegeControl = 0;
608  ULONG Length;
609  BOOLEAN CheckResult;
612 
613  PAGED_CODE();
614 
615  PreviousMode = KeGetPreviousMode();
616 
617  /* probe the buffers */
618  if (PreviousMode != KernelMode)
619  {
620  _SEH2_TRY
621  {
622  ProbeForWrite(RequiredPrivileges,
624  Privilege),
625  sizeof(ULONG));
626 
627  PrivilegeCount = RequiredPrivileges->PrivilegeCount;
628  PrivilegeControl = RequiredPrivileges->Control;
629 
630  /* Check PrivilegeCount to avoid an integer overflow! */
632  Privilege[PrivilegeCount]) /
633  sizeof(RequiredPrivileges->Privilege[0]) != PrivilegeCount)
634  {
636  }
637 
638  /* probe all of the array */
639  ProbeForWrite(RequiredPrivileges,
641  Privilege[PrivilegeCount]),
642  sizeof(ULONG));
643 
644  ProbeForWriteBoolean(Result);
645  }
647  {
648  /* Return the exception code */
650  }
651  _SEH2_END;
652  }
653  else
654  {
655  PrivilegeCount = RequiredPrivileges->PrivilegeCount;
656  PrivilegeControl = RequiredPrivileges->Control;
657  }
658 
659  /* reference the token and make sure we're
660  not doing an anonymous impersonation */
661  Status = ObReferenceObjectByHandle(ClientToken,
662  TOKEN_QUERY,
664  PreviousMode,
665  (PVOID*)&Token,
666  NULL);
667  if (!NT_SUCCESS(Status))
668  {
669  return Status;
670  }
671 
672  if (Token->TokenType == TokenImpersonation &&
674  {
675  ObDereferenceObject(Token);
677  }
678 
679  /* capture the privileges */
680  Status = SeCaptureLuidAndAttributesArray(RequiredPrivileges->Privilege,
681  PrivilegeCount,
682  PreviousMode,
683  NULL,
684  0,
685  PagedPool,
686  TRUE,
687  &Privileges,
688  &Length);
689  if (!NT_SUCCESS(Status))
690  {
691  ObDereferenceObject (Token);
692  return Status;
693  }
694 
695  CheckResult = SepPrivilegeCheck(Token,
696  Privileges,
697  PrivilegeCount,
698  PrivilegeControl,
699  PreviousMode);
700 
701  ObDereferenceObject(Token);
702 
703  /* return the array */
704  _SEH2_TRY
705  {
706  RtlCopyMemory(RequiredPrivileges->Privilege,
707  Privileges,
708  PrivilegeCount * sizeof(LUID_AND_ATTRIBUTES));
709  *Result = CheckResult;
710  Status = STATUS_SUCCESS;
711  }
713  {
714  Status = _SEH2_GetExceptionCode();
715  }
716  _SEH2_END;
717 
719  PreviousMode,
720  TRUE);
721 
722  return Status;
723 }
724 
725 /* EOF */
DWORD *typedef PVOID
Definition: winlogon.h:61
TOKEN_TYPE TokenType
Definition: setypes.h:175
#define SE_CREATE_PERMANENT_PRIVILEGE
Definition: security.c:670
PPRIVILEGE_SET PrivilegeSet
Definition: setypes.h:187
VOID NTAPI SeCaptureSubjectContext(OUT PSECURITY_SUBJECT_CONTEXT SubjectContext)
Definition: access.c:301
const LUID SeLoadDriverPrivilege
Definition: priv.c:31
const LUID SeSyncAgentPrivilege
Definition: priv.c:47
#define IN
Definition: typedefs.h:38
#define STATUS_PRIVILEGE_NOT_HELD
Definition: DriverTester.h:9
VOID NTAPI SeReleaseSubjectContext(IN PSECURITY_SUBJECT_CONTEXT SubjectContext)
Definition: access.c:360
GLenum GLclampf GLint GLenum GLuint GLenum GLenum GLsizei GLenum const GLvoid GLfloat GLfloat GLfloat GLfloat GLclampd GLint GLbyte GLbyte GLbyte GLdouble GLdouble GLdouble GLfloat GLfloat GLfloat GLint GLint GLint GLshort GLshort GLshort GLubyte GLubyte GLubyte GLuint GLuint GLuint GLushort GLushort GLushort GLbyte GLbyte GLbyte GLbyte GLdouble GLdouble GLdouble GLdouble GLfloat GLfloat GLfloat GLfloat GLint GLint GLint GLint GLshort GLshort GLshort GLshort GLubyte GLubyte GLubyte GLubyte GLuint GLuint GLuint GLuint GLushort GLushort GLushort GLushort GLboolean GLboolean GLboolean GLboolean GLint GLenum GLsizei const GLvoid GLenum GLint GLenum GLint GLint GLsizei GLint GLenum GLint GLint GLint GLint GLsizei GLenum GLsizei const GLuint GLboolean GLenum GLenum GLint GLsizei GLenum GLsizei GLenum const GLvoid GLboolean const GLboolean GLenum const GLdouble const GLfloat const GLdouble const GLfloat GLenum GLint GLint GLint GLint GLint GLint j
Definition: glfuncs.h:98
#define TRUE
Definition: types.h:120
NTSYSAPI VOID NTAPI RtlCopyMemory(VOID UNALIGNED *Destination, CONST VOID UNALIGNED *Source, ULONG Length)
#define STATUS_BAD_IMPERSONATION_LEVEL
Definition: ntstatus.h:387
const LUID SeCreatePagefilePrivilege
Definition: priv.c:36
#define STATUS_INSUFFICIENT_RESOURCES
Definition: udferr_usr.h:158
NTSTATUS NTAPI NtPrivilegeCheck(IN HANDLE ClientToken, IN PPRIVILEGE_SET RequiredPrivileges, OUT PBOOLEAN Result)
Definition: priv.c:600
const LUID SeTimeZonePrivilege
Definition: priv.c:55
#define SE_INC_WORKING_SET_PRIVILEGE
Definition: setypes.h:184
#define ROUND_UP(n, align)
Definition: eventvwr.h:31
struct _PRIVILEGE_SET PRIVILEGE_SET
#define ACCESS_SYSTEM_SECURITY
Definition: nt_native.h:77
#define SE_CREATE_TOKEN_PRIVILEGE
Definition: security.c:656
#define SE_CREATE_SYMBOLIC_LINK_PRIVILEGE
Definition: setypes.h:186
ASSERT((InvokeOnSuccess||InvokeOnError||InvokeOnCancel)?(CompletionRoutine!=NULL):TRUE)
#define SE_LOCK_MEMORY_PRIVILEGE
Definition: security.c:658
#define STATUS_INVALID_PARAMETER
Definition: udferr_usr.h:135
const LUID SeRestorePrivilege
Definition: priv.c:39
#define KeGetPreviousMode()
Definition: ketypes.h:1081
#define SE_DEBUG_PRIVILEGE
Definition: security.c:674
#define SE_LOAD_DRIVER_PRIVILEGE
Definition: security.c:664
const LUID SeTcbPrivilege
Definition: priv.c:28
_IRQL_requires_same_ _In_ PLSA_STRING _In_ SECURITY_LOGON_TYPE _In_ ULONG _In_ ULONG _In_opt_ PTOKEN_GROUPS _In_ PTOKEN_SOURCE _Out_ PVOID _Out_ PULONG _Inout_ PLUID _Out_ PHANDLE Token
#define SE_RESTORE_PRIVILEGE
Definition: security.c:672
struct _LUID_AND_ATTRIBUTES LUID_AND_ATTRIBUTES
#define SE_SYSTEMTIME_PRIVILEGE
Definition: security.c:666
#define SE_TAKE_OWNERSHIP_PRIVILEGE
Definition: security.c:663
PVOID PACCESS_TOKEN
Definition: setypes.h:11
BOOLEAN NTAPI SeSinglePrivilegeCheck(IN LUID PrivilegeValue, IN KPROCESSOR_MODE PreviousMode)
Definition: priv.c:524
#define SE_SYNC_AGENT_PRIVILEGE
Definition: security.c:680
VOID NTAPI ObDereferenceObject(IN PVOID Object)
Definition: obref.c:375
const LUID SeAuditPrivilege
Definition: priv.c:42
ULONG PrivilegeCount
Definition: setypes.h:164
$ULONG Control
Definition: setypes.h:87
_At_(*)(_In_ PWSK_CLIENT Client, _In_opt_ PUNICODE_STRING NodeName, _In_opt_ PUNICODE_STRING ServiceName, _In_opt_ ULONG NameSpace, _In_opt_ GUID *Provider, _In_opt_ PADDRINFOEXW Hints, _Outptr_ PADDRINFOEXW *Result, _In_opt_ PEPROCESS OwningProcess, _In_opt_ PETHREAD OwningThread, _Inout_ PIRP Irp Result)(Mem)) NTSTATUS(WSKAPI *PFN_WSK_GET_ADDRESS_INFO
Definition: wsk.h:426
#define WRITE_OWNER
Definition: nt_native.h:60
#define SE_TRUSTED_CREDMAN_ACCESS_PRIVILEGE
Definition: setypes.h:182
PLUID_AND_ATTRIBUTES Privileges
Definition: setypes.h:172
const LUID SeCreatePermanentPrivilege
Definition: priv.c:37
#define BufferSize
Definition: acefiex.h:377
VOID INIT_FUNCTION NTAPI SepInitPrivileges(VOID)
Definition: priv.c:64
VOID NTAPI ProbeForWrite(IN PVOID Address, IN SIZE_T Length, IN ULONG Alignment)
Definition: exintrin.c:143
const LUID SeProfileSingleProcessPrivilege
Definition: priv.c:34
#define PAGED_CODE()
Definition: video.h:57
#define STATUS_BUFFER_TOO_SMALL
Definition: shellext.h:52
_SEH2_TRY
Definition: create.c:4250
uint32_t ULONG_PTR
Definition: typedefs.h:63
BOOLEAN NTAPI SeCheckPrivilegedObject(IN LUID PrivilegeValue, IN HANDLE ObjectHandle, IN ACCESS_MASK DesiredAccess, IN KPROCESSOR_MODE PreviousMode)
Definition: priv.c:560
#define SE_PRIVILEGE_ENABLED
Definition: setypes.h:63
GLenum GLclampf GLint i
Definition: glfuncs.h:14
NTSTATUS NTAPI ObReferenceObjectByHandle(IN HANDLE Handle, IN ACCESS_MASK DesiredAccess, IN POBJECT_TYPE ObjectType, IN KPROCESSOR_MODE AccessMode, OUT PVOID *Object, OUT POBJECT_HANDLE_INFORMATION HandleInformation OPTIONAL)
Definition: obref.c:496
NTSTATUS(* NTAPI)(IN PFILE_FULL_EA_INFORMATION EaBuffer, IN ULONG EaLength, OUT PULONG ErrorOffset)
Definition: IoEaTest.cpp:117
#define SE_TCB_PRIVILEGE
Definition: security.c:661
const LUID SeImpersonatePrivilege
Definition: priv.c:50
#define FALSE
Definition: types.h:117
#define RtlEqualLuid(Luid1, Luid2)
Definition: rtlfuncs.h:301
const LUID SeShutdownPrivilege
Definition: priv.c:40
#define PRIVILEGE_SET_ALL_NECESSARY
Definition: setypes.h:83
#define SE_CREATE_GLOBAL_PRIVILEGE
Definition: security.c:684
#define EXCEPTION_EXECUTE_HANDLER
Definition: excpt.h:85
NTSTATUS NTAPI SeAppendPrivileges(IN OUT PACCESS_STATE AccessState, IN PPRIVILEGE_SET Privileges)
Definition: priv.c:407
const LUID SeRemoteShutdownPrivilege
Definition: priv.c:45
smooth NULL
Definition: ftsmooth.c:416
POBJECT_TYPE SeTokenObjectType
Definition: token.c:34
#define SE_RELABEL_PRIVILEGE
Definition: setypes.h:183
void DPRINT(...)
Definition: polytest.cpp:61
#define SE_TIME_ZONE_PRIVILEGE
Definition: setypes.h:185
const LUID SeUnsolicitedInputPrivilege
Definition: priv.c:27
#define SE_UNDOCK_PRIVILEGE
Definition: security.c:679
#define SE_SHUTDOWN_PRIVILEGE
Definition: security.c:673
#define SE_PRIVILEGE_USED_FOR_ACCESS
Definition: setypes.h:65
$ULONG PrivilegeCount
Definition: setypes.h:86
NTSTATUS NTAPI SepSinglePrivilegeCheck(LUID PrivilegeValue, PTOKEN Token, KPROCESSOR_MODE PreviousMode)
Definition: priv.c:138
const LUID SeBackupPrivilege
Definition: priv.c:38
#define SE_CREATE_PAGEFILE_PRIVILEGE
Definition: security.c:669
#define SE_INCREASE_QUOTA_PRIVILEGE
Definition: security.c:659
#define SE_CHANGE_NOTIFY_PRIVILEGE
Definition: security.c:677
const LUID SeIncreaseBasePriorityPrivilege
Definition: priv.c:35
#define _Out_opt_
Definition: no_sal2.h:339
#define SE_SECURITY_PRIVILEGE
Definition: security.c:662
unsigned char BOOLEAN
_In_ KPROCESSOR_MODE PreviousMode
Definition: sefuncs.h:103
PACCESS_TOKEN PrimaryToken
Definition: setypes.h:192
LONG NTSTATUS
Definition: precomp.h:26
const LUID SeSecurityPrivilege
Definition: priv.c:29
#define TOKEN_QUERY
Definition: setypes.h:874
#define _SEH2_YIELD(STMT_)
Definition: pseh2_64.h:8
NTSTATUS NTAPI SePrivilegePolicyCheck(_Inout_ PACCESS_MASK DesiredAccess, _Inout_ PACCESS_MASK GrantedAccess, _In_ PSECURITY_SUBJECT_CONTEXT SubjectContext, _In_ PTOKEN Token, _Out_opt_ PPRIVILEGE_SET *OutPrivilegeSet, _In_ KPROCESSOR_MODE PreviousMode)
Definition: priv.c:158
BOOLEAN NTAPI SepPrivilegeCheck(PTOKEN Token, PLUID_AND_ATTRIBUTES Privileges, ULONG PrivilegeCount, ULONG PrivilegeControl, KPROCESSOR_MODE PreviousMode)
Definition: priv.c:72
#define NT_SUCCESS(StatCode)
Definition: apphelp.c:24
const LUID SeSystemProfilePrivilege
Definition: priv.c:32
VOID NTAPI SePrivilegedServiceAuditAlarm(_In_opt_ PUNICODE_STRING ServiceName, _In_ PSECURITY_SUBJECT_CONTEXT SubjectContext, _In_ PPRIVILEGE_SET PrivilegeSet, _In_ BOOLEAN AccessGranted)
Definition: audit.c:214
#define TAG_LUID
Definition: tag.h:178
INT POOL_TYPE
Definition: typedefs.h:76
_In_ ACCESS_MASK AccessMask
Definition: exfuncs.h:186
static const UCHAR Index[8]
Definition: usbohci.c:18
#define SE_REMOTE_SHUTDOWN_PRIVILEGE
Definition: security.c:678
#define ProbeForWriteBoolean(Ptr)
Definition: probe.h:31
#define _Inout_
Definition: no_sal2.h:244
BOOL Privilege(LPTSTR pszPrivilege, BOOL bEnable)
Definition: user_lib.cpp:531
CCHAR KPROCESSOR_MODE
Definition: ketypes.h:7
const LUID SeAssignPrimaryTokenPrivilege
Definition: priv.c:24
const LUID SeChangeNotifyPrivilege
Definition: priv.c:44
_In_ PSECURITY_SUBJECT_CONTEXT _In_ BOOLEAN _In_ ACCESS_MASK _In_ ACCESS_MASK _Outptr_opt_ PPRIVILEGE_SET * Privileges
Definition: sefuncs.h:13
#define CONST_LUID(x1, x2)
Definition: priv.c:22
_In_opt_ PVOID _In_opt_ PUNICODE_STRING _In_ PSECURITY_DESCRIPTOR _In_ PACCESS_STATE AccessState
Definition: sefuncs.h:414
const LUID SeSystemtimePrivilege
Definition: priv.c:33
#define ExAllocatePoolWithTag(hernya, size, tag)
Definition: env_spec_w32.h:350
const LUID SeCreateSymbolicLinkPrivilege
Definition: priv.c:56
BOOLEAN NTAPI SeCheckAuditPrivilege(_In_ PSECURITY_SUBJECT_CONTEXT SubjectContext, _In_ KPROCESSOR_MODE PreviousMode)
Definition: priv.c:257
char * PBOOLEAN
Definition: retypes.h:11
VOID NTAPI ProbeForRead(IN CONST VOID *Address, IN SIZE_T Length, IN ULONG Alignment)
Definition: exintrin.c:102
IN REFCLSID IN PUNKNOWN IN POOL_TYPE PoolType
Definition: unknown.h:68
VOID UINTN Length
Definition: acefiex.h:744
const LUID SeCreateGlobalPrivilege
Definition: priv.c:51
#define SepReleaseTokenLock(Token)
Definition: se.h:211
const LUID SeLockMemoryPrivilege
Definition: priv.c:25
const LUID SeIncreaseQuotaPrivilege
Definition: priv.c:26
#define SE_INC_BASE_PRIORITY_PRIVILEGE
Definition: security.c:668
const LUID SeUndockPrivilege
Definition: priv.c:46
BOOLEAN NTAPI SePrivilegeCheck(PPRIVILEGE_SET Privileges, PSECURITY_SUBJECT_CONTEXT SubjectContext, KPROCESSOR_MODE PreviousMode)
Definition: priv.c:491
Status
Definition: gdiplustypes.h:24
#define SE_ENABLE_DELEGATION_PRIVILEGE
Definition: security.c:681
#define _In_
Definition: no_sal2.h:204
const LUID SeIncreaseWorkingSetPrivilege
Definition: priv.c:54
const LUID SeDebugPrivilege
Definition: priv.c:41
ULONG_PTR SIZE_T
Definition: typedefs.h:78
#define SE_IMPERSONATE_PRIVILEGE
Definition: security.c:683
DWORD *typedef HANDLE
Definition: winlogon.h:61
_SEH2_END
Definition: create.c:4424
#define SE_MANAGE_VOLUME_PRIVILEGE
Definition: security.c:682
const LUID SeCreateTokenPrivilege
Definition: priv.c:23
VOID NTAPI SeFreePrivileges(IN PPRIVILEGE_SET Privileges)
Definition: priv.c:480
const LUID SeTakeOwnershipPrivilege
Definition: priv.c:30
_In_ PIO_STACK_LOCATION _Inout_ PFILE_OBJECT _Inout_ PVCB _Outptr_result_maybenull_ PDCB _In_ PDCB _In_ PDIRENT _In_ ULONG _In_ ULONG _In_ PUNICODE_STRING _In_ PACCESS_MASK DesiredAccess
Definition: create.c:4157
VOID NTAPI SeReleaseLuidAndAttributesArray(PLUID_AND_ATTRIBUTES Privilege, KPROCESSOR_MODE PreviousMode, BOOLEAN CaptureIfKernel)
Definition: priv.c:387
#define FIELD_OFFSET(t, f)
Definition: typedefs.h:254
#define SE_SYSTEM_PROFILE_PRIVILEGE
Definition: security.c:665
const LUID SeManageVolumePrivilege
Definition: priv.c:49
unsigned int * PULONG
Definition: retypes.h:1
#define INITIAL_PRIVILEGE_COUNT
Definition: setypes.h:144
#define SE_PROF_SINGLE_PROCESS_PRIVILEGE
Definition: security.c:667
SECURITY_IMPERSONATION_LEVEL ImpersonationLevel
Definition: setypes.h:191
NTSTATUS NTAPI SeCaptureLuidAndAttributesArray(PLUID_AND_ATTRIBUTES Src, ULONG PrivilegeCount, KPROCESSOR_MODE PreviousMode, PLUID_AND_ATTRIBUTES AllocatedMem, ULONG AllocatedLength, POOL_TYPE PoolType, BOOLEAN CaptureIfKernel, PLUID_AND_ATTRIBUTES *Dest, PULONG Length)
Definition: priv.c:291
SECURITY_IMPERSONATION_LEVEL ImpersonationLevel
Definition: setypes.h:176
#define SepAcquireTokenLockShared(Token)
Definition: se.h:205
#define SE_SYSTEM_ENVIRONMENT_PRIVILEGE
Definition: security.c:676
LUID_AND_ATTRIBUTES Privilege[ANYSIZE_ARRAY]
Definition: setypes.h:88
VOID NTAPI SePrivilegeObjectAuditAlarm(IN HANDLE Handle, IN PSECURITY_SUBJECT_CONTEXT SubjectContext, IN ACCESS_MASK DesiredAccess, IN PPRIVILEGE_SET Privileges, IN BOOLEAN AccessGranted, IN KPROCESSOR_MODE CurrentMode)
Definition: audit.c:845
#define OUT
Definition: typedefs.h:39
#define SE_ASSIGNPRIMARYTOKEN_PRIVILEGE
Definition: security.c:657
unsigned int ULONG
Definition: retypes.h:1
ACCESS_MASK * PACCESS_MASK
Definition: nt_native.h:41
#define SE_BACKUP_PRIVILEGE
Definition: security.c:671
_In_opt_ PVOID _In_ PSECURITY_SUBJECT_CONTEXT SubjectContext
Definition: fsrtltypes.h:293
const LUID SeEnableDelegationPrivilege
Definition: priv.c:48
#define _SEH2_EXCEPT(...)
Definition: pseh2_64.h:6
#define TAG_PRIVILEGE_SET
Definition: tag.h:179
#define ExFreePoolWithTag(_P, _T)
Definition: module.h:1099
#define _SEH2_GetExceptionCode()
Definition: pseh2_64.h:12
const LUID SeRelabelPrivilege
Definition: priv.c:53
struct _MEMORY_AREA struct _MM_REQUIRED_RESOURCES * Required
Definition: newmm.h:66
const LUID SeSystemEnvironmentPrivilege
Definition: priv.c:43
_In_ PSECURITY_SUBJECT_CONTEXT _In_ BOOLEAN _In_ ACCESS_MASK _In_ ACCESS_MASK _Outptr_opt_ PPRIVILEGE_SET _In_ PGENERIC_MAPPING _In_ KPROCESSOR_MODE _Out_ PACCESS_MASK GrantedAccess
Definition: sefuncs.h:13
return STATUS_SUCCESS
Definition: btrfs.c:2710
PACCESS_TOKEN ClientToken
Definition: setypes.h:190
#define SE_AUDIT_PRIVILEGE
Definition: security.c:675
ULONG ACCESS_MASK
Definition: nt_native.h:40
const LUID SeTrustedCredmanPrivilege
Definition: priv.c:52
#define INIT_FUNCTION
Definition: ntoskrnl.h:11