ReactOS  0.4.15-dev-2701-g34593d9
semgr.c File Reference
#include <ntoskrnl.h>
#include <debug.h>
Include dependency graph for semgr.c:

Go to the source code of this file.

Macros

#define NDEBUG
 

Functions

static BOOLEAN SepInitExports (VOID)
 
BOOLEAN NTAPI SepInitializationPhase0 (VOID)
 
BOOLEAN NTAPI SepInitializationPhase1 (VOID)
 
BOOLEAN NTAPI SeInitSystem (VOID)
 
NTSTATUS NTAPI SeDefaultObjectMethod (IN PVOID Object, IN SECURITY_OPERATION_CODE OperationType, IN PSECURITY_INFORMATION SecurityInformation, IN OUT PSECURITY_DESCRIPTOR SecurityDescriptor, IN OUT PULONG ReturnLength OPTIONAL, IN OUT PSECURITY_DESCRIPTOR *OldSecurityDescriptor, IN POOL_TYPE PoolType, IN PGENERIC_MAPPING GenericMapping)
 
VOID NTAPI SeQuerySecurityAccessMask (IN SECURITY_INFORMATION SecurityInformation, OUT PACCESS_MASK DesiredAccess)
 
VOID NTAPI SeSetSecurityAccessMask (IN SECURITY_INFORMATION SecurityInformation, OUT PACCESS_MASK DesiredAccess)
 
NTSTATUS NTAPI SeReportSecurityEvent (_In_ ULONG Flags, _In_ PUNICODE_STRING SourceName, _In_opt_ PSID UserSid, _In_ PSE_ADT_PARAMETER_ARRAY AuditParameters)
 
_Const_ NTSTATUS NTAPI SeSetAuditParameter (_Inout_ PSE_ADT_PARAMETER_ARRAY AuditParameters, _In_ SE_ADT_PARAMETER_TYPE Type, _In_range_(<, SE_MAX_AUDIT_PARAMETERS) ULONG Index, _In_reads_(_Inexpressible_("depends on SE_ADT_PARAMETER_TYPE")) PVOID Data)
 

Variables

PTOKEN SeAnonymousLogonToken = NULL
 
PTOKEN SeAnonymousLogonTokenNoEveryone = NULL
 
PSE_EXPORTS SeExports = NULL
 
SE_EXPORTS SepExports
 
ULONG SidInTokenCalls = 0
 
ULONG ExpInitializationPhase
 
ERESOURCE SepSubjectContextLock
 

Macro Definition Documentation

◆ NDEBUG

#define NDEBUG

Definition at line 13 of file semgr.c.

Function Documentation

◆ SeDefaultObjectMethod()

NTSTATUS NTAPI SeDefaultObjectMethod ( IN PVOID  Object,
IN SECURITY_OPERATION_CODE  OperationType,
IN PSECURITY_INFORMATION  SecurityInformation,
IN OUT PSECURITY_DESCRIPTOR  SecurityDescriptor,
IN OUT PULONG ReturnLength  OPTIONAL,
IN OUT PSECURITY_DESCRIPTOR OldSecurityDescriptor,
IN POOL_TYPE  PoolType,
IN PGENERIC_MAPPING  GenericMapping 
)

Definition at line 280 of file semgr.c.

288 {
289  PAGED_CODE();
290 
291  /* Select the operation type */
292  switch (OperationType)
293  {
294  /* Setting a new descriptor */
295  case SetSecurityDescriptor:
296 
297  /* Sanity check */
299 
300  /* Set the information */
304  OldSecurityDescriptor,
305  PoolType,
307 
308  case QuerySecurityDescriptor:
309 
310  /* Query the information */
314  ReturnLength,
315  OldSecurityDescriptor);
316 
317  case DeleteSecurityDescriptor:
318 
319  /* De-assign it */
320  return ObDeassignSecurity(OldSecurityDescriptor);
321 
322  case AssignSecurityDescriptor:
323 
324  /* Assign it */
326  return STATUS_SUCCESS;
327 
328  default:
329 
330  /* Bug check */
331  KeBugCheckEx(SECURITY_SYSTEM, 0, STATUS_INVALID_PARAMETER, 0, 0);
332  }
333 
334  /* Should never reach here */
335  ASSERT(FALSE);
336  return STATUS_SUCCESS;
337 }
IN CINT OUT PVOID IN ULONG OUT PULONG ReturnLength
Definition: dumpinfo.c:39
_In_ USHORT _In_ ULONG _In_ PSOCKADDR _In_ PSOCKADDR _Reserved_ ULONG _In_opt_ PVOID _In_opt_ const WSK_CLIENT_CONNECTION_DISPATCH _In_opt_ PEPROCESS _In_opt_ PETHREAD _In_opt_ PSECURITY_DESCRIPTOR SecurityDescriptor
Definition: wsk.h:182
#define STATUS_INVALID_PARAMETER
Definition: udferr_usr.h:135
#define FALSE
Definition: types.h:117
NTSTATUS NTAPI ObSetSecurityDescriptorInfo(IN PVOID Object, IN PSECURITY_INFORMATION SecurityInformation, IN OUT PSECURITY_DESCRIPTOR SecurityDescriptor, IN OUT PSECURITY_DESCRIPTOR *OutputSecurityDescriptor, IN POOL_TYPE PoolType, IN PGENERIC_MAPPING GenericMapping)
Definition: obsecure.c:117
_Must_inspect_result_ _In_ PFILE_OBJECT _In_ SECURITY_INFORMATION SecurityInformation
Definition: fltkernel.h:1339
#define ASSERT(a)
Definition: mode.c:44
NTSTATUS NTAPI ObQuerySecurityDescriptorInfo(IN PVOID Object, IN PSECURITY_INFORMATION SecurityInformation, OUT PSECURITY_DESCRIPTOR SecurityDescriptor, IN OUT PULONG Length, IN PSECURITY_DESCRIPTOR *OutputSecurityDescriptor)
Definition: obsecure.c:85
_Must_inspect_result_ _In_ WDFCOLLECTION _In_ WDFOBJECT Object
NTSTATUS NTAPI ObDeassignSecurity(IN OUT PSECURITY_DESCRIPTOR *SecurityDescriptor)
Definition: obsecure.c:60
static GENERIC_MAPPING GenericMapping
Definition: SeInheritance.c:11
NTSTATUS NTAPI ObAssignObjectSecurityDescriptor(IN PVOID Object, IN PSECURITY_DESCRIPTOR SecurityDescriptor OPTIONAL, IN POOL_TYPE PoolType)
Definition: obsecure.c:20
_Must_inspect_result_ _In_ WDFDEVICE _In_ DEVICE_REGISTRY_PROPERTY _In_ _Strict_type_match_ POOL_TYPE PoolType
Definition: wdfdevice.h:3810
#define STATUS_SUCCESS
Definition: shellext.h:65
VOID NTAPI KeBugCheckEx(_In_ ULONG BugCheckCode, _In_ ULONG_PTR BugCheckParameter1, _In_ ULONG_PTR BugCheckParameter2, _In_ ULONG_PTR BugCheckParameter3, _In_ ULONG_PTR BugCheckParameter4)
Definition: rtlcompat.c:108
#define PAGED_CODE()

◆ SeInitSystem()

BOOLEAN NTAPI SeInitSystem ( VOID  )

Definition at line 251 of file semgr.c.

252 {
253  /* Check the initialization phase */
254  switch (ExpInitializationPhase)
255  {
256  case 0:
257 
258  /* Do Phase 0 */
259  return SepInitializationPhase0();
260 
261  case 1:
262 
263  /* Do Phase 1 */
264  return SepInitializationPhase1();
265 
266  default:
267 
268  /* Don't know any other phase! Bugcheck! */
269  KeBugCheckEx(UNEXPECTED_INITIALIZATION_CALL,
270  0,
272  0,
273  0);
274  return FALSE;
275  }
276 }
BOOLEAN NTAPI SepInitializationPhase0(VOID)
Definition: semgr.c:98
#define FALSE
Definition: types.h:117
ULONG ExpInitializationPhase
Definition: init.c:66
BOOLEAN NTAPI SepInitializationPhase1(VOID)
Definition: semgr.c:143
VOID NTAPI KeBugCheckEx(_In_ ULONG BugCheckCode, _In_ ULONG_PTR BugCheckParameter1, _In_ ULONG_PTR BugCheckParameter2, _In_ ULONG_PTR BugCheckParameter3, _In_ ULONG_PTR BugCheckParameter4)
Definition: rtlcompat.c:108

Referenced by ExpInitializeExecutive(), and Phase1InitializationDiscard().

◆ SepInitExports()

static BOOLEAN SepInitExports ( VOID  )
static

Definition at line 32 of file semgr.c.

33 {
57 
82 
89 
91  return TRUE;
92 }
PSID SeAliasBackupOpsSid
Definition: setypes.h:1182
PSID SeAliasAdminsSid
Definition: setypes.h:1175
const LUID SeSystemEnvironmentPrivilege
Definition: priv.c:39
const LUID SeRemoteShutdownPrivilege
Definition: priv.c:41
LUID SeEnableDelegationPrivilege
Definition: setypes.h:1188
LUID SeShutdownPrivilege
Definition: setypes.h:1158
LUID SeManageVolumePrivilege
Definition: setypes.h:1191
const LUID SeSystemtimePrivilege
Definition: priv.c:29
const LUID SeIncreaseQuotaPrivilege
Definition: priv.c:22
const LUID SeCreateTokenPrivilege
Definition: priv.c:19
const LUID SeCreatePermanentPrivilege
Definition: priv.c:33
const LUID SeDebugPrivilege
Definition: priv.c:37
const LUID SeBackupPrivilege
Definition: priv.c:34
#define TRUE
Definition: types.h:120
LUID SeDebugPrivilege
Definition: setypes.h:1159
PSID SeAuthenticatedUsersSid
Definition: setypes.h:1183
LUID SeChangeNotifyPrivilege
Definition: setypes.h:1162
LUID SeLockMemoryPrivilege
Definition: setypes.h:1143
const LUID SeEnableDelegationPrivilege
Definition: priv.c:44
PSID SeAliasBackupOpsSid
Definition: sid.c:50
PSID SeAnonymousLogonSid
Definition: setypes.h:1185
PSID SeAliasGuestsSid
Definition: setypes.h:1177
PSID SeRestrictedSid
Definition: sid.c:52
const LUID SeAssignPrimaryTokenPrivilege
Definition: priv.c:20
const LUID SeSystemProfilePrivilege
Definition: priv.c:28
PSID SeAuthenticatedUsersSid
Definition: sid.c:51
PSID SeAliasPrintOpsSid
Definition: sid.c:49
PSID SeAliasAccountOpsSid
Definition: sid.c:47
const LUID SeSyncAgentPrivilege
Definition: priv.c:43
LUID SeUnsolicitedInputPrivilege
Definition: setypes.h:1145
PSID SeAliasSystemOpsSid
Definition: setypes.h:1180
LUID SeSecurityPrivilege
Definition: setypes.h:1147
PSID SeBatchSid
Definition: setypes.h:1172
SE_EXPORTS SepExports
Definition: semgr.c:21
PSID SeNullSid
Definition: setypes.h:1164
PSE_EXPORTS SeExports
Definition: semgr.c:20
PSID SeCreatorGroupSid
Definition: sid.c:30
PSID SeNtAuthoritySid
Definition: sid.c:33
LUID SeLoadDriverPrivilege
Definition: setypes.h:1149
LUID SeUndockPrivilege
Definition: setypes.h:1186
PSID SeNetworkServiceSid
Definition: sid.c:55
PSID SeNetworkServiceSid
Definition: setypes.h:1190
const LUID SeLoadDriverPrivilege
Definition: priv.c:27
const LUID SeManageVolumePrivilege
Definition: priv.c:45
const LUID SeTakeOwnershipPrivilege
Definition: priv.c:26
PSID SeAliasPowerUsersSid
Definition: setypes.h:1178
LUID SeSystemEnvironmentPrivilege
Definition: setypes.h:1161
LUID SeProfileSingleProcessPrivilege
Definition: setypes.h:1154
PSID SeDialupSid
Definition: setypes.h:1170
PSID SeAliasUsersSid
Definition: sid.c:44
PSID SeNetworkSid
Definition: setypes.h:1171
PSID SeAliasAccountOpsSid
Definition: setypes.h:1179
LUID SeTcbPrivilege
Definition: setypes.h:1146
const LUID SeCreatePagefilePrivilege
Definition: priv.c:32
LUID SeImpersonatePrivilege
Definition: setypes.h:1192
LUID SeRemoteShutdownPrivilege
Definition: setypes.h:1163
const LUID SeRestorePrivilege
Definition: priv.c:35
LUID SeCreatePermanentPrivilege
Definition: setypes.h:1155
PSID SeLocalServiceSid
Definition: sid.c:54
static const LUID SeChangeNotifyPrivilege
Definition: authpackage.c:167
static const LUID SeCreateGlobalPrivilege
Definition: authpackage.c:168
PSID SeAliasAdminsSid
Definition: sid.c:43
PSID SeLocalServiceSid
Definition: setypes.h:1189
PSID SeCreatorOwnerSid
Definition: sid.c:29
const LUID SeLockMemoryPrivilege
Definition: priv.c:21
const LUID SeProfileSingleProcessPrivilege
Definition: priv.c:30
PSID SeWorldSid
Definition: sid.c:27
const LUID SeIncreaseBasePriorityPrivilege
Definition: priv.c:31
PSID SeLocalSid
Definition: sid.c:28
PSID SeAliasGuestsSid
Definition: sid.c:45
const LUID SeTcbPrivilege
Definition: priv.c:24
LUID SeCreateGlobalPrivilege
Definition: setypes.h:1193
LUID SeBackupPrivilege
Definition: setypes.h:1156
LUID SeIncreaseBasePriorityPrivilege
Definition: setypes.h:1151
PSID SeAliasUsersSid
Definition: setypes.h:1176
const LUID SeShutdownPrivilege
Definition: priv.c:36
PSID SeAliasPowerUsersSid
Definition: sid.c:46
LUID SeSystemtimePrivilege
Definition: setypes.h:1153
PSID SeDialupSid
Definition: sid.c:34
PSID SeCreatorOwnerSid
Definition: setypes.h:1167
PSID SeAliasSystemOpsSid
Definition: sid.c:48
LUID SeSyncAgentPrivilege
Definition: setypes.h:1187
const LUID SeSecurityPrivilege
Definition: priv.c:25
PSID SeNtAuthoritySid
Definition: setypes.h:1169
LUID SeAuditPrivilege
Definition: setypes.h:1160
PSID SeLocalSystemSid
Definition: sid.c:40
PSID SeRestrictedSid
Definition: setypes.h:1184
PSID SeNetworkSid
Definition: sid.c:35
const LUID SeUnsolicitedInputPrivilege
Definition: priv.c:23
LUID SeIncreaseQuotaPrivilege
Definition: setypes.h:1144
LUID SeTakeOwnershipPrivilege
Definition: setypes.h:1148
PSID SeInteractiveSid
Definition: sid.c:37
PSID SeBatchSid
Definition: sid.c:36
PSID SeAnonymousLogonSid
Definition: se.h:155
LUID SeAssignPrimaryTokenPrivilege
Definition: setypes.h:1142
PSID SeWorldSid
Definition: setypes.h:1165
LUID SeRestorePrivilege
Definition: setypes.h:1157
PSID SeLocalSid
Definition: setypes.h:1166
const LUID SeUndockPrivilege
Definition: priv.c:42
PSID SeCreatorGroupSid
Definition: setypes.h:1168
PSID SeNullSid
Definition: sid.c:26
const LUID SeAuditPrivilege
Definition: priv.c:38
LUID SeSystemProfilePrivilege
Definition: setypes.h:1152
LUID SeCreatePagefilePrivilege
Definition: setypes.h:1150
PSID SeAliasPrintOpsSid
Definition: setypes.h:1181
PSID SeLocalSystemSid
Definition: setypes.h:1174
static const LUID SeImpersonatePrivilege
Definition: authpackage.c:169
PSID SeInteractiveSid
Definition: setypes.h:1173
LUID SeCreateTokenPrivilege
Definition: setypes.h:1141

Referenced by SepInitializationPhase0().

◆ SepInitializationPhase0()

BOOLEAN NTAPI SepInitializationPhase0 ( VOID  )

Definition at line 98 of file semgr.c.

99 {
100  PAGED_CODE();
101 
102  if (!ExLuidInitialization()) return FALSE;
103  if (!SepInitSecurityIDs()) return FALSE;
104  if (!SepInitDACLs()) return FALSE;
105  if (!SepInitSDs()) return FALSE;
107  if (!SepInitExports()) return FALSE;
108 
109  /* Initialize the subject context lock */
111 
112  /* Initialize token objects */
114 
115  /* Initialize logon sessions */
116  if (!SeRmInitPhase0()) return FALSE;
117 
118  /* Clear impersonation info for the idle thread */
119  PsGetCurrentThread()->ImpersonationInfo = NULL;
122 
123  /* Initialize the boot token */
127 
128  /* Initialise the anonymous logon tokens */
131  return FALSE;
132 
135  return FALSE;
136 
137  return TRUE;
138 }
BOOLEAN NTAPI ExLuidInitialization(VOID)
Definition: uuid.c:325
#define ExInitializeResource
Definition: exfuncs.h:346
#define PsGetCurrentThread()
Definition: env_spec_w32.h:81
#define PspClearCrossThreadFlag(Thread, Flag)
Definition: ps_x.h:27
PTOKEN NTAPI SepCreateSystemProcessToken(VOID)
Creates the system process token.
Definition: token.c:1508
#define TRUE
Definition: types.h:120
_IRQL_requires_same_ _In_ PLSA_STRING _In_ SECURITY_LOGON_TYPE _In_ ULONG _In_ ULONG _In_opt_ PTOKEN_GROUPS _In_ PTOKEN_SOURCE _Out_ PVOID _Out_ PULONG _Inout_ PLUID _Out_ PHANDLE Token
VOID NTAPI SepInitPrivileges(VOID)
Definition: priv.c:60
BOOLEAN NTAPI SepInitSecurityIDs(VOID)
Definition: sid.c:96
BOOLEAN NTAPI SepInitDACLs(VOID)
Definition: acl.c:31
PTOKEN SeAnonymousLogonTokenNoEveryone
Definition: semgr.c:19
#define FALSE
Definition: types.h:117
PTOKEN SepCreateSystemAnonymousLogonToken(VOID)
Creates the anonymous logon token for the system. The difference between this token and the other one...
Definition: token.c:1658
VOID NTAPI SepInitializeTokenImplementation(VOID)
Definition: token.c:1189
#define PsGetCurrentProcess
Definition: psfuncs.h:17
static BOOLEAN SepInitExports(VOID)
Definition: semgr.c:32
VOID FASTCALL ObInitializeFastReference(IN PEX_FAST_REF FastRef, IN PVOID Object)
Definition: obref.c:107
BOOLEAN NTAPI SeRmInitPhase0(VOID)
Definition: srm.c:173
#define NULL
Definition: types.h:112
#define CT_ACTIVE_IMPERSONATION_INFO_BIT
Definition: pstypes.h:241
PTOKEN SeAnonymousLogonToken
Definition: semgr.c:18
ERESOURCE SepSubjectContextLock
Definition: access.c:19
PTOKEN SepCreateSystemAnonymousLogonTokenNoEveryone(VOID)
Creates the anonymous logon token for the system. This kind of token doesn't include the everyone SID...
Definition: token.c:1726
#define PAGED_CODE()
BOOLEAN NTAPI SepInitSDs(VOID)
Definition: sd.c:31

Referenced by SeInitSystem().

◆ SepInitializationPhase1()

BOOLEAN NTAPI SepInitializationPhase1 ( VOID  )

Definition at line 143 of file semgr.c.

144 {
147  HANDLE SecurityHandle;
151  PACL Dacl;
152  ULONG DaclLength;
153 
154  PAGED_CODE();
155 
156  /* Insert the system token into the tree */
158  ~MAX_FAST_REFS),
159  NULL,
160  0,
161  0,
162  NULL,
163  NULL);
165 
166  /* Create a security descriptor for the directory */
168 
169  /* Setup the ACL */
170  DaclLength = sizeof(ACL) + 3 * sizeof(ACCESS_ALLOWED_ACE) +
175  if (Dacl == NULL)
176  {
177  return FALSE;
178  }
179 
180  Status = RtlCreateAcl(Dacl, DaclLength, ACL_REVISION);
182 
183  /* Grant full access to SYSTEM */
185  ACL_REVISION,
189 
190  /* Allow admins to traverse and query */
192  ACL_REVISION,
196 
197  /* Allow anyone to traverse */
199  ACL_REVISION,
201  SeWorldSid);
203 
204  /* And link ACL and SD */
207 
208  /* Create '\Security' directory */
209  RtlInitUnicodeString(&Name, L"\\Security");
211  &Name,
213  0,
215 
216  Status = ZwCreateDirectoryObject(&SecurityHandle,
220 
221  /* Free the DACL */
223 
224  /* Create 'LSA_AUTHENTICATION_INITIALIZED' event */
225  RtlInitUnicodeString(&Name, L"LSA_AUTHENTICATION_INITIALIZED");
227  &Name,
229  SecurityHandle,
231 
232  Status = ZwCreateEvent(&EventHandle,
236  FALSE);
238 
241 
242  Status = ZwClose(SecurityHandle);
244 
245  return TRUE;
246 }
IN PUNICODE_STRING IN POBJECT_ATTRIBUTES ObjectAttributes
Definition: conport.c:35
#define OBJ_CASE_INSENSITIVE
Definition: winternl.h:228
#define TRUE
Definition: types.h:120
_In_ USHORT _In_ ULONG _In_ PSOCKADDR _In_ PSOCKADDR _Reserved_ ULONG _In_opt_ PVOID _In_opt_ const WSK_CLIENT_CONNECTION_DISPATCH _In_opt_ PEPROCESS _In_opt_ PETHREAD _In_opt_ PSECURITY_DESCRIPTOR SecurityDescriptor
Definition: wsk.h:182
NTSYSAPI NTSTATUS NTAPI ZwClose(_In_ HANDLE Handle)
LONG NTSTATUS
Definition: precomp.h:26
_IRQL_requires_same_ _In_ PLSA_STRING _In_ SECURITY_LOGON_TYPE _In_ ULONG _In_ ULONG _In_opt_ PTOKEN_GROUPS _In_ PTOKEN_SOURCE _Out_ PVOID _Out_ PULONG _Inout_ PLUID _Out_ PHANDLE Token
NTSYSAPI NTSTATUS NTAPI RtlCreateSecurityDescriptor(_Out_ PSECURITY_DESCRIPTOR SecurityDescriptor, _In_ ULONG Revision)
NTSYSAPI NTSTATUS WINAPI RtlAddAccessAllowedAce(PACL, DWORD, DWORD, PSID)
NTSYSAPI NTSTATUS WINAPI RtlSetDaclSecurityDescriptor(PSECURITY_DESCRIPTOR, BOOLEAN, PACL, BOOLEAN)
NTSYSAPI NTSTATUS NTAPI RtlCreateAcl(PACL Acl, ULONG AclSize, ULONG AclRevision)
#define SECURITY_DESCRIPTOR_REVISION
Definition: setypes.h:58
PSECURITY_DESCRIPTOR SePublicDefaultSd
Definition: sd.c:18
#define FALSE
Definition: types.h:117
#define GENERIC_WRITE
Definition: nt_native.h:90
struct NameRec_ * Name
Definition: cdprocs.h:459
#define PsGetCurrentProcess
Definition: psfuncs.h:17
NTSYSAPI NTSTATUS NTAPI ZwCreateDirectoryObject(_Out_ PHANDLE DirectoryHandle, _In_ ACCESS_MASK DesiredAccess, _In_ POBJECT_ATTRIBUTES ObjectAttributes)
struct _ACL ACL
NTSYSAPI ULONG NTAPI RtlLengthSid(IN PSID Sid)
Definition: sid.c:150
#define DIRECTORY_TRAVERSE
Definition: nt_native.h:1255
Status
Definition: gdiplustypes.h:24
#define TAG_SE
Definition: tag.h:173
#define ASSERT(a)
Definition: mode.c:44
#define NT_SUCCESS(StatCode)
Definition: apphelp.c:32
#define READ_CONTROL
Definition: nt_native.h:58
#define ExAllocatePoolWithTag(hernya, size, tag)
Definition: env_spec_w32.h:350
_Out_writes_bytes_to_opt_ AbsoluteSecurityDescriptorSize PSECURITY_DESCRIPTOR _Inout_ PULONG _Out_writes_bytes_to_opt_ DaclSize PACL Dacl
Definition: rtlfuncs.h:1552
PSID SeAliasAdminsSid
Definition: sid.c:43
static const WCHAR L[]
Definition: oid.c:1250
#define OBJ_PERMANENT
Definition: winternl.h:226
PSID SeWorldSid
Definition: sid.c:27
NTSTATUS NTAPI ObInsertObject(IN PVOID Object, IN PACCESS_STATE AccessState OPTIONAL, IN ACCESS_MASK DesiredAccess, IN ULONG ObjectPointerBias, OUT PVOID *NewObject OPTIONAL, OUT PHANDLE Handle)
Definition: obhandle.c:2931
#define DIRECTORY_ALL_ACCESS
Definition: nt_native.h:1259
#define NULL
Definition: types.h:112
#define ACL_REVISION
Definition: setypes.h:39
PSID SeLocalSystemSid
Definition: sid.c:40
unsigned int ULONG
Definition: retypes.h:1
#define DIRECTORY_QUERY
Definition: nt_native.h:1254
NTSYSAPI VOID NTAPI RtlInitUnicodeString(PUNICODE_STRING DestinationString, PCWSTR SourceString)
#define InitializeObjectAttributes(p, n, a, r, s)
Definition: reg.c:106
#define MAX_FAST_REFS
Definition: ex.h:131
#define ExFreePoolWithTag(_P, _T)
Definition: module.h:1099
#define PAGED_CODE()
_Out_ PHANDLE EventHandle
Definition: iofuncs.h:857

Referenced by SeInitSystem().

◆ SeQuerySecurityAccessMask()

VOID NTAPI SeQuerySecurityAccessMask ( IN SECURITY_INFORMATION  SecurityInformation,
OUT PACCESS_MASK  DesiredAccess 
)

Definition at line 341 of file semgr.c.

343 {
344  *DesiredAccess = 0;
345 
348  {
350  }
351 
353  {
355  }
356 }
_Must_inspect_result_ _In_ WDFDEVICE _In_ ULONG _In_ ACCESS_MASK DesiredAccess
Definition: wdfdevice.h:2654
#define ACCESS_SYSTEM_SECURITY
Definition: nt_native.h:77
#define GROUP_SECURITY_INFORMATION
Definition: setypes.h:124
_Must_inspect_result_ _In_ PFILE_OBJECT _In_ SECURITY_INFORMATION SecurityInformation
Definition: fltkernel.h:1339
#define SACL_SECURITY_INFORMATION
Definition: setypes.h:126
#define READ_CONTROL
Definition: nt_native.h:58
#define OWNER_SECURITY_INFORMATION
Definition: setypes.h:123
#define DACL_SECURITY_INFORMATION
Definition: setypes.h:125

Referenced by NtQuerySecurityObject().

◆ SeReportSecurityEvent()

NTSTATUS NTAPI SeReportSecurityEvent ( _In_ ULONG  Flags,
_In_ PUNICODE_STRING  SourceName,
_In_opt_ PSID  UserSid,
_In_ PSE_ADT_PARAMETER_ARRAY  AuditParameters 
)

Definition at line 383 of file semgr.c.

388 {
390  PTOKEN EffectiveToken;
391  PISID Sid;
393 
394  /* Validate parameters */
395  if ((Flags != 0) ||
396  (SourceName == NULL) ||
397  (SourceName->Buffer == NULL) ||
398  (SourceName->Length == 0) ||
399  (AuditParameters == NULL) ||
400  (AuditParameters->ParameterCount > SE_MAX_AUDIT_PARAMETERS - 4))
401  {
403  }
404 
405  /* Validate the source name */
407  if (!NT_SUCCESS(Status))
408  {
409  return Status;
410  }
411 
412  /* Check if we have a user SID */
413  if (UserSid != NULL)
414  {
415  /* Validate it */
416  if (!RtlValidSid(UserSid))
417  {
419  }
420 
421  /* Use the user SID */
422  Sid = UserSid;
423  }
424  else
425  {
426  /* No user SID, capture the security subject context */
428 
429  /* Extract the effective token */
430  EffectiveToken = SubjectContext.ClientToken ?
431  SubjectContext.ClientToken : SubjectContext.PrimaryToken;
432 
433  /* Use the user-and-groups SID */
434  Sid = EffectiveToken->UserAndGroups->Sid;
435  }
436 
438 
439  /* Check if we captured the subject context */
440  if (Sid != UserSid)
441  {
442  /* Release it */
444  }
445 
446  /* Return success */
447  return STATUS_SUCCESS;
448 }
VOID NTAPI SeCaptureSubjectContext(OUT PSECURITY_SUBJECT_CONTEXT SubjectContext)
Definition: access.c:301
_Inout_ PLIST_ENTRY _In_ PVOID _In_ PSTRING _In_ BOOLEAN _In_ BOOLEAN _In_ ULONG _In_ PFLT_CALLBACK_DATA _In_opt_ PCHECK_FOR_TRAVERSE_ACCESS _In_opt_ PSECURITY_SUBJECT_CONTEXT SubjectContext
Definition: fltkernel.h:2239
VOID NTAPI SeReleaseSubjectContext(IN PSECURITY_SUBJECT_CONTEXT SubjectContext)
Definition: access.c:360
#define SE_MAX_AUDIT_PARAMETERS
Definition: setypes.h:228
#define STATUS_INVALID_PARAMETER
Definition: udferr_usr.h:135
LONG NTSTATUS
Definition: precomp.h:26
NTSYSAPI NTSTATUS NTAPI RtlValidateUnicodeString(_In_ ULONG Flags, _In_ PCUNICODE_STRING String)
Definition: unicode.c:2559
_In_ ULONG _In_ ACCESS_MASK _In_ PSID Sid
Definition: rtlfuncs.h:1103
NTSYSAPI BOOLEAN NTAPI RtlValidSid(IN PSID Sid)
Definition: sid.c:21
Status
Definition: gdiplustypes.h:24
_Must_inspect_result_ _In_ ULONG Flags
Definition: wsk.h:170
#define NT_SUCCESS(StatCode)
Definition: apphelp.c:32
#define NULL
Definition: types.h:112
WCHAR SourceName[256]
Definition: arping.c:28
#define UNIMPLEMENTED
Definition: debug.h:115
PSID_AND_ATTRIBUTES UserAndGroups
Definition: setypes.h:215
#define STATUS_SUCCESS
Definition: shellext.h:65

◆ SeSetAuditParameter()

_Const_ NTSTATUS NTAPI SeSetAuditParameter ( _Inout_ PSE_ADT_PARAMETER_ARRAY  AuditParameters,
_In_ SE_ADT_PARAMETER_TYPE  Type,
_In_range_(<, SE_MAX_AUDIT_PARAMETERS) ULONG  Index,
_In_reads_(_Inexpressible_("depends on SE_ADT_PARAMETER_TYPE")) PVOID  Data 
)

Definition at line 453 of file semgr.c.

458 {
460  return STATUS_SUCCESS;
461 }
#define UNIMPLEMENTED
Definition: debug.h:115
#define STATUS_SUCCESS
Definition: shellext.h:65

◆ SeSetSecurityAccessMask()

VOID NTAPI SeSetSecurityAccessMask ( IN SECURITY_INFORMATION  SecurityInformation,
OUT PACCESS_MASK  DesiredAccess 
)

Definition at line 360 of file semgr.c.

362 {
363  *DesiredAccess = 0;
364 
366  {
368  }
369 
371  {
373  }
374 
376  {
378  }
379 }
_Must_inspect_result_ _In_ WDFDEVICE _In_ ULONG _In_ ACCESS_MASK DesiredAccess
Definition: wdfdevice.h:2654
#define ACCESS_SYSTEM_SECURITY
Definition: nt_native.h:77
#define GROUP_SECURITY_INFORMATION
Definition: setypes.h:124
#define WRITE_OWNER
Definition: nt_native.h:60
_Must_inspect_result_ _In_ PFILE_OBJECT _In_ SECURITY_INFORMATION SecurityInformation
Definition: fltkernel.h:1339
#define SACL_SECURITY_INFORMATION
Definition: setypes.h:126
#define WRITE_DAC
Definition: nt_native.h:59
#define OWNER_SECURITY_INFORMATION
Definition: setypes.h:123
#define DACL_SECURITY_INFORMATION
Definition: setypes.h:125

Referenced by NtSetSecurityObject().

Variable Documentation

◆ ExpInitializationPhase

◆ SeAnonymousLogonToken

PTOKEN SeAnonymousLogonToken = NULL

Definition at line 18 of file semgr.c.

Referenced by SepImpersonateAnonymousToken(), and SepInitializationPhase0().

◆ SeAnonymousLogonTokenNoEveryone

PTOKEN SeAnonymousLogonTokenNoEveryone = NULL

Definition at line 19 of file semgr.c.

Referenced by SepImpersonateAnonymousToken(), and SepInitializationPhase0().

◆ SeExports

◆ SepExports

SE_EXPORTS SepExports

Definition at line 21 of file semgr.c.

Referenced by SepInitExports().

◆ SepSubjectContextLock

ERESOURCE SepSubjectContextLock

Definition at line 19 of file access.c.

Referenced by SepInitializationPhase0().

◆ SidInTokenCalls

ULONG SidInTokenCalls = 0

Definition at line 22 of file semgr.c.