ReactOS  0.4.15-dev-3207-ga415bd4
semgr.c
1 /*
2  * PROJECT: ReactOS Kernel
3  * LICENSE: GPL-2.0-or-later (https://spdx.org/licenses/GPL-2.0-or-later)
4  * PURPOSE: Security manager infrastructure
5  * COPYRIGHT: Copyright Timo Kreuzer <timo.kreuzer@reactos.org>
6  * Copyright Eric Kohl
7  * Copyright Aleksey Bragin
8  * Copyright Alex Ionescu <alex@relsoft.net>
9  */
10 
11 /* INCLUDES *******************************************************************/
12 
13 #include <ntoskrnl.h>
14 #define NDEBUG
15 #include <debug.h>
16 
17 /* GLOBALS ********************************************************************/
18 
24 
27 
28 /* PRIVATE FUNCTIONS **********************************************************/
29 
/*
 * SepInitExports -- name and signature sit on listing line 41, which this
 * extract does not reproduce; the page's cross-reference index gives it as
 * "static BOOLEAN SepInitExports(VOID)" and describes it as initializing the
 * security exports during the module's initialization phase.
 *
 * Placed in the INIT code section. Almost all of the body (lines 43-99) is
 * missing from the extract; the only statement visible is the unconditional
 * TRUE return, so no failure path can be confirmed from this page.
 *
 * NOTE(review): presumably this fills SepExports with the privilege LUIDs and
 * well-known SIDs that the index lists from setypes.h -- confirm against the
 * full source before relying on that.
 */
38 static
39 CODE_SEG("INIT")
40 BOOLEAN
42 {
66 
91 
98 
100  return TRUE;
101 }
102 
/*
 * SepInitializationPhase0 -- name on listing line 115 (not reproduced here);
 * the cross-reference index describes it as the phase 0 procedure of the SRM
 * initialization.
 *
 * Runs the visible setup steps in order (LUID allocator, well-known SIDs,
 * default DACLs, default security descriptors, exports, logon sessions) and
 * returns FALSE as soon as one of them reports failure; returns TRUE once
 * every step has passed.
 *
 * Several statements are absent from the extract (lines 123, 127, 130,
 * 137-138, 141-143, 146-147, 150-151), so the comments that remain describe
 * steps whose code cannot be read on this page.
 */
112 CODE_SEG("INIT")
113 BOOLEAN
114 NTAPI
116 {
117  PAGED_CODE();
118 
119  if (!ExLuidInitialization()) return FALSE;
120  if (!SepInitSecurityIDs()) return FALSE;
121  if (!SepInitDACLs()) return FALSE;
122  if (!SepInitSDs()) return FALSE;
    /* NOTE(review): line 123 is absent; the index lists SepInitPrivileges(VOID),
     * presumably called here -- confirm. */
124  if (!SepInitExports()) return FALSE;
125 
126  /* Initialize the subject context lock */
128 
129  /* Initialize token objects */
131 
132  /* Initialize logon sessions */
133  if (!SeRmInitPhase0()) return FALSE;
134 
135  /* Clear impersonation info for the idle thread */
136  PsGetCurrentThread()->ImpersonationInfo = NULL;
139 
140  /* Initialize the boot token */
144 
145  /* Initialise the anonymous logon tokens */
    /* NOTE(review): the conditions guarding the next two FALSE returns are on
     * elided lines; presumably each fires when an anonymous logon token could
     * not be created -- confirm. */
148  return FALSE;
149 
152  return FALSE;
153 
154  return TRUE;
155 }
156 
/*
 * SepInitializationPhase1 -- name on listing line 168 (not reproduced here);
 * the cross-reference index describes it as the phase 1 procedure of the SRM
 * initialization.
 *
 * From the lines that survive in this extract it:
 *   - inserts the system token into the object tree,
 *   - builds a DACL sized for three access-allowed ACEs (full access for
 *     SYSTEM, traverse and query for administrators, traverse for anyone),
 *   - creates the '\Security' directory object,
 *   - creates the 'LSA_AUTHENTICATION_INITIALIZED' event with SecurityHandle
 *     passed in its object attributes,
 *   - closes the directory handle and returns TRUE.
 *
 * NOTE(review): the only failure return visible is the NULL check on Dacl.
 * Status is assigned from RtlCreateAcl, ZwCreateDirectoryObject,
 * ZwCreateEvent and ZwClose, but the lines that follow each assignment are
 * not in the extract. If those are assert-only checks, a build without
 * assertions would carry on after a failed create -- confirm.
 */
165 CODE_SEG("INIT")
166 BOOLEAN
167 NTAPI
169 {
172  HANDLE SecurityHandle;
176  PACL Dacl;
177  ULONG DaclLength;
178 
179  PAGED_CODE();
180 
181  /* Insert the system token into the tree */
    /* NOTE(review): the call itself (line 182) is elided; the ~MAX_FAST_REFS
     * mask presumably strips fast-reference bits from the token pointer --
     * confirm. */
183  ~MAX_FAST_REFS),
184  NULL,
185  0,
186  0,
187  NULL,
188  NULL);
190 
191  /* Create a security descriptor for the directory */
193 
194  /* Setup the ACL */
    /* The length expression continues on elided lines 196-199; the visible part
     * reserves the ACL header plus three ACEs, matching the three grants below.
     * NOTE(review): presumably the SID lengths are added there -- confirm. */
195  DaclLength = sizeof(ACL) + 3 * sizeof(ACCESS_ALLOWED_ACE) +
200  if (Dacl == NULL)
201  {
202  return FALSE;
203  }
204 
205  Status = RtlCreateAcl(Dacl, DaclLength, ACL_REVISION);
207 
208  /* Grant full access to SYSTEM */
210  ACL_REVISION,
214 
215  /* Allow admins to traverse and query */
217  ACL_REVISION,
221 
222  /* Allow anyone to traverse */
224  ACL_REVISION,
226  SeWorldSid);
228 
229  /* And link ACL and SD */
232 
233  /* Create '\Security' directory */
234  RtlInitUnicodeString(&Name, L"\\Security");
236  &Name,
238  0,
240 
241  Status = ZwCreateDirectoryObject(&SecurityHandle,
245 
246  /* Free the DACL */
248 
249  /* Create 'LSA_AUTHENTICATION_INITIALIZED' event */
250  RtlInitUnicodeString(&Name, L"LSA_AUTHENTICATION_INITIALIZED");
252  &Name,
254  SecurityHandle,
256 
257  Status = ZwCreateEvent(&EventHandle,
261  FALSE);
263 
266 
267  Status = ZwClose(SecurityHandle);
269 
270  return TRUE;
271 }
272 
/*
 * SeInitSystem -- name on listing line 285 (not reproduced here); the
 * cross-reference index describes it as the main security manager
 * initialization function.
 *
 * Dispatches on the global ExpInitializationPhase: phase 0 and phase 1 return
 * the result of their respective phase routine. Any other phase value raises
 * an UNEXPECTED_INITIALIZATION_CALL bugcheck instead of returning an error,
 * so an unexpected call stops the system rather than leaving the security
 * manager partly initialized. One bugcheck argument (line 305) is elided.
 */
282 CODE_SEG("INIT")
283 BOOLEAN
284 NTAPI
286 {
287  /* Check the initialization phase */
288  switch (ExpInitializationPhase)
289  {
290  case 0:
291 
292  /* Do Phase 0 */
293  return SepInitializationPhase0();
294 
295  case 1:
296 
297  /* Do Phase 1 */
298  return SepInitializationPhase1();
299 
300  default:
301 
302  /* Don't know any other phase! Bugcheck! */
303  KeBugCheckEx(UNEXPECTED_INITIALIZATION_CALL,
304  0,
306  0,
307  0);
    /* Follows the bugcheck call; presumably only present to satisfy the
     * BOOLEAN return type. */
308  return FALSE;
309  }
310 }
311 
/*
 * SeDefaultObjectMethod -- name on listing line 351 (not reproduced here);
 * the cross-reference index describes it as the internal routine that
 * queries, deletes, assigns and sets a security descriptor. Three parameter
 * lines (354-356) and two more (358-359) are also missing from the extract;
 * the index gives the full signature.
 *
 * Dispatches on OperationType:
 *   SetSecurityDescriptor    - returns the result of a call on elided lines
 *                              (presumably ObSetSecurityDescriptorInfo --
 *                              confirm).
 *   QuerySecurityDescriptor  - returns the result of a call on elided lines
 *                              (presumably ObQuerySecurityDescriptorInfo --
 *                              confirm).
 *   DeleteSecurityDescriptor - returns ObDeassignSecurity() on
 *                              OldSecurityDescriptor.
 *   AssignSecurityDescriptor - returns STATUS_SUCCESS after the elided call
 *                              on line 397.
 *   anything else            - SECURITY_SYSTEM bugcheck carrying
 *                              STATUS_INVALID_PARAMETER.
 *
 * NOTE(review): the assign case returns STATUS_SUCCESS unconditionally on the
 * visible line. If line 397 discards the NTSTATUS of the assignment call, a
 * failed assignment would be reported to the caller as success -- confirm.
 */
349 NTSTATUS
350 NTAPI
352  _In_ PVOID Object,
353  _In_ SECURITY_OPERATION_CODE OperationType,
357  _Inout_ PSECURITY_DESCRIPTOR *OldSecurityDescriptor,
360 {
361  PAGED_CODE();
362 
363  /* Select the operation type */
364  switch (OperationType)
365  {
366  /* Setting a new descriptor */
367  case SetSecurityDescriptor:
368 
369  /* Sanity check */
371 
372  /* Set the information */
376  OldSecurityDescriptor,
377  PoolType,
379 
380  case QuerySecurityDescriptor:
381 
382  /* Query the information */
386  ReturnLength,
387  OldSecurityDescriptor);
388 
389  case DeleteSecurityDescriptor:
390 
391  /* De-assign it */
392  return ObDeassignSecurity(OldSecurityDescriptor);
393 
394  case AssignSecurityDescriptor:
395 
396  /* Assign it */
398  return STATUS_SUCCESS;
399 
400  default:
401 
402  /* Bug check */
403  KeBugCheckEx(SECURITY_SYSTEM, 0, STATUS_INVALID_PARAMETER, 0, 0);
404  }
405 
406  /* Should never reach here */
407  ASSERT(FALSE);
408  return STATUS_SUCCESS;
409 }
410 
/*
 * SeQuerySecurityAccessMask -- name on listing line 427 (not reproduced
 * here). The index gives the signature as
 * (_In_ SECURITY_INFORMATION SecurityInformation,
 *  _Out_ PACCESS_MASK DesiredAccess) and describes it as querying the access
 * mask from a security information context.
 *
 * Clears *DesiredAccess first, then runs two conditional blocks whose tests
 * and bodies are missing from the extract.
 *
 * NOTE(review): presumably the blocks add READ_CONTROL for owner, group or
 * DACL requests and ACCESS_SYSTEM_SECURITY for SACL requests (both constants
 * appear in the index) -- confirm against the full source.
 */
425 VOID
426 NTAPI
430 {
431  *DesiredAccess = 0;
432 
435  {
437  }
438 
440  {
442  }
443 }
444 
/*
 * SeSetSecurityAccessMask -- name on listing line 460 (not reproduced here).
 * The index gives the signature as
 * (_In_ SECURITY_INFORMATION SecurityInformation,
 *  _Out_ PACCESS_MASK DesiredAccess) and describes it as setting the access
 * mask for a security information context.
 *
 * Clears *DesiredAccess first, then runs three conditional blocks whose tests
 * and bodies are missing from the extract.
 *
 * NOTE(review): presumably the blocks map owner/group changes to WRITE_OWNER,
 * DACL changes to WRITE_DAC and SACL changes to ACCESS_SYSTEM_SECURITY (all
 * three constants appear in the index) -- confirm against the full source.
 */
458 VOID
459 NTAPI
463 {
464  *DesiredAccess = 0;
465 
467  {
469  }
470 
472  {
474  }
475 
477  {
479  }
480 }
481 
/*
 * SeReportSecurityEvent -- name on listing line 508 (not reproduced here);
 * the cross-reference index describes it as reporting a security event to
 * the security manager. The SourceName parameter (line 510) is also elided;
 * the index gives it as _In_ PUNICODE_STRING SourceName.
 *
 * Visible behaviour:
 *   - Rejects the call unless Flags is zero, SourceName and its Buffer are
 *     non-NULL with a non-zero Length, AuditParameters is non-NULL and its
 *     ParameterCount is at most SE_MAX_AUDIT_PARAMETERS - 4. The status
 *     returned on rejection is on elided line 527.
 *   - Runs a further source-name validation whose call is elided (line 531)
 *     and returns its failing status unchanged.
 *   - If UserSid is supplied it must pass RtlValidSid; otherwise the subject
 *     context is captured and the SID is read from the effective token
 *     (ClientToken when set, else PrimaryToken).
 *   - Releases the subject context only when it was captured, detected by
 *     Sid differing from UserSid.
 *   - Returns STATUS_SUCCESS.
 *
 * NOTE(review): line 562, where the event would be handed on, is absent from
 * the extract, and the index lists UNIMPLEMENTED. If that is what sits there,
 * the routine validates its input and reports success without recording
 * anything, so callers must not take STATUS_SUCCESS as proof the event was
 * logged -- confirm.
 * NOTE(review): the "- 4" headroom presumably reserves slots for parameters
 * added by the reporter itself -- confirm.
 */
506 NTSTATUS
507 NTAPI
509  _In_ ULONG Flags,
511  _In_opt_ PSID UserSid,
512  _In_ PSE_ADT_PARAMETER_ARRAY AuditParameters)
513 {
515  PTOKEN EffectiveToken;
516  PISID Sid;
518 
519  /* Validate parameters */
520  if ((Flags != 0) ||
521  (SourceName == NULL) ||
522  (SourceName->Buffer == NULL) ||
523  (SourceName->Length == 0) ||
524  (AuditParameters == NULL) ||
525  (AuditParameters->ParameterCount > SE_MAX_AUDIT_PARAMETERS - 4))
526  {
528  }
529 
530  /* Validate the source name */
532  if (!NT_SUCCESS(Status))
533  {
534  return Status;
535  }
536 
537  /* Check if we have a user SID */
538  if (UserSid != NULL)
539  {
540  /* Validate it */
541  if (!RtlValidSid(UserSid))
542  {
544  }
545 
546  /* Use the user SID */
547  Sid = UserSid;
548  }
549  else
550  {
551  /* No user SID, capture the security subject context */
553 
554  /* Extract the effective token */
555  EffectiveToken = SubjectContext.ClientToken ?
556  SubjectContext.ClientToken : SubjectContext.PrimaryToken;
557 
558  /* Use the user-and-groups SID */
    /* Reads the Sid of the first UserAndGroups entry; presumably that entry is
     * the token's user SID -- confirm. */
559  Sid = EffectiveToken->UserAndGroups->Sid;
560  }
561 
563 
564  /* Check if we captured the subject context */
    /* The pointer comparison doubles as the "captured" flag: Sid equals UserSid
     * only on the branch that did not capture a context. */
565  if (Sid != UserSid)
566  {
567  /* Release it */
569  }
570 
571  /* Return success */
572  return STATUS_SUCCESS;
573 }
574 
/*
 * SeSetAuditParameter -- name on listing line 600 (not reproduced here); the
 * cross-reference index describes it as setting an array of audit parameters
 * for later security auditing use. The Type and Index parameters (lines
 * 602-603) are elided; the index gives them as _In_ SE_ADT_PARAMETER_TYPE Type
 * and _In_range_(<, SE_MAX_AUDIT_PARAMETERS) ULONG Index.
 *
 * The only statement visible is the STATUS_SUCCESS return.
 *
 * NOTE(review): line 606 is absent and the index lists UNIMPLEMENTED, so this
 * looks like a stub that reports success without storing Data in
 * AuditParameters. If so, audit records built through it would be empty while
 * callers see no error -- confirm against the full source.
 */
597 _Const_
598 NTSTATUS
599 NTAPI
601  _Inout_ PSE_ADT_PARAMETER_ARRAY AuditParameters,
604  _In_reads_(_Inexpressible_("depends on SE_ADT_PARAMETER_TYPE")) PVOID Data)
605 {
607  return STATUS_SUCCESS;
608 }
609 
610 /* EOF */
PSID SeAliasBackupOpsSid
Definition: setypes.h:1201
PSID SeAliasAdminsSid
Definition: setypes.h:1194
BOOLEAN NTAPI ExLuidInitialization(VOID)
Definition: uuid.c:325
const LUID SeSystemEnvironmentPrivilege
Definition: priv.c:39
enum _SE_ADT_PARAMETER_TYPE SE_ADT_PARAMETER_TYPE
VOID NTAPI SeSetSecurityAccessMask(_In_ SECURITY_INFORMATION SecurityInformation, _Out_ PACCESS_MASK DesiredAccess)
Sets the access mask for a security information context.
Definition: semgr.c:460
const LUID SeRemoteShutdownPrivilege
Definition: priv.c:41
IN PUNICODE_STRING IN POBJECT_ATTRIBUTES ObjectAttributes
Definition: conport.c:35
LUID SeEnableDelegationPrivilege
Definition: setypes.h:1207
IN CINT OUT PVOID IN ULONG OUT PULONG ReturnLength
Definition: dumpinfo.c:39
_Inout_ PLIST_ENTRY _In_ PVOID _In_ PSTRING _In_ BOOLEAN _In_ BOOLEAN _In_ ULONG _In_ PFLT_CALLBACK_DATA _In_opt_ PCHECK_FOR_TRAVERSE_ACCESS _In_opt_ PSECURITY_SUBJECT_CONTEXT SubjectContext
Definition: fltkernel.h:2238
_Must_inspect_result_ _In_ WDFDEVICE _In_ ULONG _In_ ACCESS_MASK DesiredAccess
Definition: wdfdevice.h:2654
LUID SeShutdownPrivilege
Definition: setypes.h:1177
LUID SeManageVolumePrivilege
Definition: setypes.h:1210
#define ExInitializeResource
Definition: exfuncs.h:346
const LUID SeSystemtimePrivilege
Definition: priv.c:29
#define _In_range_(lb, ub)
Definition: ms_sal.h:571
#define _In_opt_
Definition: ms_sal.h:309
#define _Inout_
Definition: ms_sal.h:378
#define OBJ_CASE_INSENSITIVE
Definition: winternl.h:228
const LUID SeIncreaseQuotaPrivilege
Definition: priv.c:22
#define ACCESS_SYSTEM_SECURITY
Definition: nt_native.h:77
#define PsGetCurrentThread()
Definition: env_spec_w32.h:81
#define PspClearCrossThreadFlag(Thread, Flag)
Definition: ps_x.h:27
PTOKEN NTAPI SepCreateSystemProcessToken(VOID)
Creates the system process token.
Definition: token.c:1984
const LUID SeCreateTokenPrivilege
Definition: priv.c:19
#define SE_MAX_AUDIT_PARAMETERS
Definition: setypes.h:243
#define _Out_
Definition: ms_sal.h:345
const LUID SeCreatePermanentPrivilege
Definition: priv.c:33
const LUID SeDebugPrivilege
Definition: priv.c:37
const LUID SeBackupPrivilege
Definition: priv.c:34
#define TRUE
Definition: types.h:120
_In_ USHORT _In_ ULONG _In_ PSOCKADDR _In_ PSOCKADDR _Reserved_ ULONG _In_opt_ PVOID _In_opt_ const WSK_CLIENT_CONNECTION_DISPATCH _In_opt_ PEPROCESS _In_opt_ PETHREAD _In_opt_ PSECURITY_DESCRIPTOR SecurityDescriptor
Definition: wsk.h:182
#define STATUS_INVALID_PARAMETER
Definition: udferr_usr.h:135
NTSYSAPI NTSTATUS NTAPI ZwClose(_In_ HANDLE Handle)
LUID SeDebugPrivilege
Definition: setypes.h:1178
PSID SeAuthenticatedUsersSid
Definition: setypes.h:1202
LUID SeChangeNotifyPrivilege
Definition: setypes.h:1181
LUID SeLockMemoryPrivilege
Definition: setypes.h:1162
LONG NTSTATUS
Definition: precomp.h:26
const LUID SeEnableDelegationPrivilege
Definition: priv.c:44
_IRQL_requires_same_ _In_ PLSA_STRING _In_ SECURITY_LOGON_TYPE _In_ ULONG _In_ ULONG _In_opt_ PTOKEN_GROUPS _In_ PTOKEN_SOURCE _Out_ PVOID _Out_ PULONG _Inout_ PLUID _Out_ PHANDLE Token
VOID NTAPI SepInitPrivileges(VOID)
Initializes the privileges during the startup phase of the security manager module....
Definition: priv.c:69
PSID SeAliasBackupOpsSid
Definition: sid.c:46
PSID SeAnonymousLogonSid
Definition: setypes.h:1204
BOOLEAN NTAPI SepInitializationPhase0(VOID)
Handles the phase 0 procedure of the SRM initialization.
Definition: semgr.c:115
PSID SeAliasGuestsSid
Definition: setypes.h:1196
PSID SeRestrictedSid
Definition: sid.c:48
#define GROUP_SECURITY_INFORMATION
Definition: setypes.h:124
const LUID SeAssignPrimaryTokenPrivilege
Definition: priv.c:20
NTSYSAPI NTSTATUS NTAPI RtlCreateSecurityDescriptor(_Out_ PSECURITY_DESCRIPTOR SecurityDescriptor, _In_ ULONG Revision)
const LUID SeSystemProfilePrivilege
Definition: priv.c:28
#define WRITE_OWNER
Definition: nt_native.h:60
PSID SeAuthenticatedUsersSid
Definition: sid.c:47
NTSYSAPI NTSTATUS WINAPI RtlAddAccessAllowedAce(PACL, DWORD, DWORD, PSID)
NTSYSAPI NTSTATUS WINAPI RtlSetDaclSecurityDescriptor(PSECURITY_DESCRIPTOR, BOOLEAN, PACL, BOOLEAN)
PSID SeAliasPrintOpsSid
Definition: sid.c:45
PSID SeAliasAccountOpsSid
Definition: sid.c:43
const LUID SeSyncAgentPrivilege
Definition: priv.c:43
LUID SeUnsolicitedInputPrivilege
Definition: setypes.h:1164
BOOLEAN NTAPI SepInitSecurityIDs(VOID)
Initializes all the SIDs known in the system.
Definition: sid.c:107
PSID SeAliasSystemOpsSid
Definition: setypes.h:1199
BOOLEAN NTAPI SepInitDACLs(VOID)
Initializes known discretionary access control lists in the system upon kernel and Executive initiali...
Definition: acl.c:38
LUID SeSecurityPrivilege
Definition: setypes.h:1166
NTSYSAPI NTSTATUS NTAPI RtlCreateAcl(PACL Acl, ULONG AclSize, ULONG AclRevision)
#define SECURITY_DESCRIPTOR_REVISION
Definition: setypes.h:58
PSID SeBatchSid
Definition: setypes.h:1191
SE_EXPORTS SepExports
Definition: semgr.c:22
PSECURITY_DESCRIPTOR SePublicDefaultSd
Definition: sd.c:16
PTOKEN SeAnonymousLogonTokenNoEveryone
Definition: semgr.c:20
NTSTATUS(* NTAPI)(IN PFILE_FULL_EA_INFORMATION EaBuffer, IN ULONG EaLength, OUT PULONG ErrorOffset)
Definition: IoEaTest.cpp:117
PSID SeNullSid
Definition: setypes.h:1183
#define FALSE
Definition: types.h:117
PSE_EXPORTS SeExports
Definition: semgr.c:21
DWORD SECURITY_INFORMATION
Definition: ms-dtyp.idl:311
PSID SeCreatorGroupSid
Definition: sid.c:26
PTOKEN SepCreateSystemAnonymousLogonToken(VOID)
Creates the anonymous logon token for the system. The difference between this token and the other one...
Definition: token.c:2134
PSID SeNtAuthoritySid
Definition: sid.c:29
#define GENERIC_WRITE
Definition: nt_native.h:90
LUID SeLoadDriverPrivilege
Definition: setypes.h:1168
LUID SeUndockPrivilege
Definition: setypes.h:1205
VOID NTAPI SepInitializeTokenImplementation(VOID)
Internal function that initializes critical kernel data for access token implementation in SRM.
Definition: token.c:1568
struct NameRec_ * Name
Definition: cdprocs.h:459
#define PsGetCurrentProcess
Definition: psfuncs.h:17
NTSYSAPI NTSTATUS NTAPI RtlValidateUnicodeString(_In_ ULONG Flags, _In_ PCUNICODE_STRING String)
Definition: unicode.c:2559
NTSYSAPI NTSTATUS NTAPI ZwCreateDirectoryObject(_Out_ PHANDLE DirectoryHandle, _In_ ACCESS_MASK DesiredAccess, _In_ POBJECT_ATTRIBUTES ObjectAttributes)
NTSTATUS NTAPI ObSetSecurityDescriptorInfo(IN PVOID Object, IN PSECURITY_INFORMATION SecurityInformation, IN OUT PSECURITY_DESCRIPTOR SecurityDescriptor, IN OUT PSECURITY_DESCRIPTOR *OutputSecurityDescriptor, IN POOL_TYPE PoolType, IN PGENERIC_MAPPING GenericMapping)
Definition: obsecure.c:117
unsigned char BOOLEAN
PSID SeNetworkServiceSid
Definition: sid.c:51
PSID SeNetworkServiceSid
Definition: setypes.h:1209
struct _ACL ACL
const LUID SeLoadDriverPrivilege
Definition: priv.c:27
const LUID SeManageVolumePrivilege
Definition: priv.c:45
const LUID SeTakeOwnershipPrivilege
Definition: priv.c:26
#define _In_
Definition: ms_sal.h:308
_In_ ULONG _In_ ACCESS_MASK _In_ PSID Sid
Definition: rtlfuncs.h:1103
PSID SeAliasPowerUsersSid
Definition: setypes.h:1197
_Must_inspect_result_ _In_ PFILE_OBJECT _In_ SECURITY_INFORMATION SecurityInformation
Definition: fltkernel.h:1339
LUID SeSystemEnvironmentPrivilege
Definition: setypes.h:1180
LUID SeProfileSingleProcessPrivilege
Definition: setypes.h:1173
NTSYSAPI ULONG NTAPI RtlLengthSid(IN PSID Sid)
Definition: sid.c:150
PSID SeDialupSid
Definition: setypes.h:1189
NTSYSAPI BOOLEAN NTAPI RtlValidSid(IN PSID Sid)
Definition: sid.c:21
PSID SeAliasUsersSid
Definition: sid.c:40
PSID SeNetworkSid
Definition: setypes.h:1190
#define DIRECTORY_TRAVERSE
Definition: nt_native.h:1255
Status
Definition: gdiplustypes.h:24
static BOOLEAN SepInitExports(VOID)
Initializes all the security exports upon initialization phase of the module.
Definition: semgr.c:41
#define TAG_SE
Definition: tag.h:173
PSID SeAliasAccountOpsSid
Definition: setypes.h:1198
ULONG ExpInitializationPhase
Definition: init.c:66
LUID SeTcbPrivilege
Definition: setypes.h:1165
_Must_inspect_result_ _In_ ULONG Flags
Definition: wsk.h:170
const LUID SeCreatePagefilePrivilege
Definition: priv.c:32
LUID SeImpersonatePrivilege
Definition: setypes.h:1211
#define ASSERT(a)
Definition: mode.c:44
LUID SeRemoteShutdownPrivilege
Definition: setypes.h:1182
const LUID SeRestorePrivilege
Definition: priv.c:35
#define NT_SUCCESS(StatCode)
Definition: apphelp.c:32
DWORD * PSECURITY_INFORMATION
Definition: ms-dtyp.idl:311
INT POOL_TYPE
Definition: typedefs.h:78
_In_ WDFCOLLECTION _In_ ULONG Index
VOID NTAPI SeCaptureSubjectContext(_Out_ PSECURITY_SUBJECT_CONTEXT SubjectContext)
Captures the security subject context of the calling thread and calling process.
Definition: access.c:434
LUID SeCreatePermanentPrivilege
Definition: setypes.h:1174
BOOLEAN NTAPI SepInitializationPhase1(VOID)
Handles the phase 1 procedure of the SRM initialization.
Definition: semgr.c:168
Type
Definition: Type.h:6
#define SACL_SECURITY_INFORMATION
Definition: setypes.h:126
#define WRITE_DAC
Definition: nt_native.h:59
PSID SeLocalServiceSid
Definition: sid.c:50
static const LUID SeChangeNotifyPrivilege
Definition: authpackage.c:167
VOID FASTCALL ObInitializeFastReference(IN PEX_FAST_REF FastRef, IN PVOID Object)
Definition: obref.c:107
static const LUID SeCreateGlobalPrivilege
Definition: authpackage.c:168
#define READ_CONTROL
Definition: nt_native.h:58
#define ExAllocatePoolWithTag(hernya, size, tag)
Definition: env_spec_w32.h:350
_Out_writes_bytes_to_opt_ AbsoluteSecurityDescriptorSize PSECURITY_DESCRIPTOR _Inout_ PULONG _Out_writes_bytes_to_opt_ DaclSize PACL Dacl
Definition: rtlfuncs.h:1552
BOOLEAN NTAPI SeRmInitPhase0(VOID)
Manages the phase 0 initialization of the security reference monitoring module of the kernel.
Definition: srm.c:176
VOID NTAPI SeQuerySecurityAccessMask(_In_ SECURITY_INFORMATION SecurityInformation, _Out_ PACCESS_MASK DesiredAccess)
Queries the access mask from a security information context.
Definition: semgr.c:427
PSID SeAliasAdminsSid
Definition: sid.c:39
static const WCHAR L[]
Definition: oid.c:1250
PSID SeLocalServiceSid
Definition: setypes.h:1208
PSID SeCreatorOwnerSid
Definition: sid.c:25
#define _Inout_opt_
Definition: ms_sal.h:379
#define OBJ_PERMANENT
Definition: winternl.h:226
NTSTATUS NTAPI ObQuerySecurityDescriptorInfo(IN PVOID Object, IN PSECURITY_INFORMATION SecurityInformation, OUT PSECURITY_DESCRIPTOR SecurityDescriptor, IN OUT PULONG Length, IN PSECURITY_DESCRIPTOR *OutputSecurityDescriptor)
Definition: obsecure.c:85
ULONG SidInTokenCalls
Definition: semgr.c:23
const LUID SeLockMemoryPrivilege
Definition: priv.c:21
const LUID SeProfileSingleProcessPrivilege
Definition: priv.c:30
PSID SeWorldSid
Definition: sid.c:23
#define _In_reads_(size)
Definition: ms_sal.h:319
const LUID SeIncreaseBasePriorityPrivilege
Definition: priv.c:31
NTSTATUS NTAPI SeReportSecurityEvent(_In_ ULONG Flags, _In_ PUNICODE_STRING SourceName, _In_opt_ PSID UserSid, _In_ PSE_ADT_PARAMETER_ARRAY AuditParameters)
Report a security event to the security manager.
Definition: semgr.c:508
PSID SeLocalSid
Definition: sid.c:24
PSID SeAliasGuestsSid
Definition: sid.c:41
_Must_inspect_result_ _In_ WDFCOLLECTION _In_ WDFOBJECT Object
const LUID SeTcbPrivilege
Definition: priv.c:24
NTSTATUS NTAPI ObDeassignSecurity(IN OUT PSECURITY_DESCRIPTOR *SecurityDescriptor)
Definition: obsecure.c:60
LUID SeCreateGlobalPrivilege
Definition: setypes.h:1212
LUID SeBackupPrivilege
Definition: setypes.h:1175
static GENERIC_MAPPING GenericMapping
Definition: SeInheritance.c:11
LUID SeIncreaseBasePriorityPrivilege
Definition: setypes.h:1170
PSID SeAliasUsersSid
Definition: setypes.h:1195
const LUID SeShutdownPrivilege
Definition: priv.c:36
NTSTATUS NTAPI ObInsertObject(IN PVOID Object, IN PACCESS_STATE AccessState OPTIONAL, IN ACCESS_MASK DesiredAccess, IN ULONG ObjectPointerBias, OUT PVOID *NewObject OPTIONAL, OUT PHANDLE Handle)
Definition: obhandle.c:2931
PSID SeAliasPowerUsersSid
Definition: sid.c:42
LUID SeSystemtimePrivilege
Definition: setypes.h:1172
PSID SeDialupSid
Definition: sid.c:30
PSID SeCreatorOwnerSid
Definition: setypes.h:1186
PSID SeAliasSystemOpsSid
Definition: sid.c:44
#define DIRECTORY_ALL_ACCESS
Definition: nt_native.h:1259
LUID SeSyncAgentPrivilege
Definition: setypes.h:1206
BOOLEAN NTAPI SeInitSystem(VOID)
Main security manager initialization function.
Definition: semgr.c:285
#define OWNER_SECURITY_INFORMATION
Definition: setypes.h:123
unsigned int * PULONG
Definition: retypes.h:1
#define NULL
Definition: types.h:112
WCHAR SourceName[256]
Definition: arping.c:28
NTSTATUS NTAPI ObAssignObjectSecurityDescriptor(IN PVOID Object, IN PSECURITY_DESCRIPTOR SecurityDescriptor OPTIONAL, IN POOL_TYPE PoolType)
Definition: obsecure.c:20
VOID NTAPI SeReleaseSubjectContext(_In_ PSECURITY_SUBJECT_CONTEXT SubjectContext)
Releases both the primary and client tokens of a security subject context.
Definition: access.c:520
const LUID SeSecurityPrivilege
Definition: priv.c:25
PSID SeNtAuthoritySid
Definition: setypes.h:1188
#define ACL_REVISION
Definition: setypes.h:39
#define CT_ACTIVE_IMPERSONATION_INFO_BIT
Definition: pstypes.h:241
LUID SeAuditPrivilege
Definition: setypes.h:1179
PSID SeLocalSystemSid
Definition: sid.c:36
PSID SeRestrictedSid
Definition: setypes.h:1203
_Must_inspect_result_ _In_ WDFDEVICE _In_ DEVICE_REGISTRY_PROPERTY _In_ _Strict_type_match_ POOL_TYPE PoolType
Definition: wdfdevice.h:3810
ULONG ERESOURCE
Definition: env_spec_w32.h:594
PSID SeNetworkSid
Definition: sid.c:31
unsigned int ULONG
Definition: retypes.h:1
_Const_ NTSTATUS NTAPI SeSetAuditParameter(_Inout_ PSE_ADT_PARAMETER_ARRAY AuditParameters, _In_ SE_ADT_PARAMETER_TYPE Type, _In_range_(<, SE_MAX_AUDIT_PARAMETERS) ULONG Index, _In_reads_(_Inexpressible_("depends on SE_ADT_PARAMETER_TYPE")) PVOID Data)
Sets an array of audit parameters for later security auditing use.
Definition: semgr.c:600
ACCESS_MASK * PACCESS_MASK
Definition: nt_native.h:41
NTSTATUS NTAPI SeDefaultObjectMethod(_In_ PVOID Object, _In_ SECURITY_OPERATION_CODE OperationType, _In_ PSECURITY_INFORMATION SecurityInformation, _Inout_ PSECURITY_DESCRIPTOR SecurityDescriptor, _Inout_opt_ PULONG ReturnLength, _Inout_ PSECURITY_DESCRIPTOR *OldSecurityDescriptor, _In_ POOL_TYPE PoolType, _In_ PGENERIC_MAPPING GenericMapping)
Internal function that is responsible for querying, deleting, assigning and setting a security descri...
Definition: semgr.c:351
PTOKEN SeAnonymousLogonToken
Definition: semgr.c:19
#define DIRECTORY_QUERY
Definition: nt_native.h:1254
NTSYSAPI VOID NTAPI RtlInitUnicodeString(PUNICODE_STRING DestinationString, PCWSTR SourceString)
#define UNIMPLEMENTED
Definition: debug.h:115
#define InitializeObjectAttributes(p, n, a, r, s)
Definition: reg.c:106
PSID_AND_ATTRIBUTES UserAndGroups
Definition: setypes.h:215
const LUID SeUnsolicitedInputPrivilege
Definition: priv.c:23
#define MAX_FAST_REFS
Definition: ex.h:131
LUID SeIncreaseQuotaPrivilege
Definition: setypes.h:1163
LUID SeTakeOwnershipPrivilege
Definition: setypes.h:1167
PSID SeInteractiveSid
Definition: sid.c:33
PSID SeBatchSid
Definition: sid.c:32
PSID SeAnonymousLogonSid
Definition: se.h:159
LUID SeAssignPrimaryTokenPrivilege
Definition: setypes.h:1161
PSID SeWorldSid
Definition: setypes.h:1184
LUID SeRestorePrivilege
Definition: setypes.h:1176
#define STATUS_SUCCESS
Definition: shellext.h:65
PSID SeLocalSid
Definition: setypes.h:1185
const LUID SeUndockPrivilege
Definition: priv.c:42
ERESOURCE SepSubjectContextLock
Definition: access.c:16
#define ExFreePoolWithTag(_P, _T)
Definition: module.h:1099
PSID SeCreatorGroupSid
Definition: setypes.h:1187
static CODE_SEG("PAGE")
Definition: isapnp.c:1482
PTOKEN SepCreateSystemAnonymousLogonTokenNoEveryone(VOID)
Creates the anonymous logon token for the system. This kind of token doesn't include the everyone SID...
Definition: token.c:2202
PSID SeNullSid
Definition: sid.c:22
const LUID SeAuditPrivilege
Definition: priv.c:38
LUID SeSystemProfilePrivilege
Definition: setypes.h:1171
LUID SeCreatePagefilePrivilege
Definition: setypes.h:1169
SECURITY_OPERATION_CODE
Definition: setypes.h:157
VOID NTAPI KeBugCheckEx(_In_ ULONG BugCheckCode, _In_ ULONG_PTR BugCheckParameter1, _In_ ULONG_PTR BugCheckParameter2, _In_ ULONG_PTR BugCheckParameter3, _In_ ULONG_PTR BugCheckParameter4)
Definition: rtlcompat.c:108
#define DACL_SECURITY_INFORMATION
Definition: setypes.h:125
#define _Const_
Definition: ms_sal.h:299
PSID SeAliasPrintOpsSid
Definition: setypes.h:1200
PSID SeLocalSystemSid
Definition: setypes.h:1193
#define PAGED_CODE()
BOOLEAN NTAPI SepInitSDs(VOID)
Initializes the known security descriptors in the system.
Definition: sd.c:37
static const LUID SeImpersonatePrivilege
Definition: authpackage.c:169
PSID SeInteractiveSid
Definition: setypes.h:1192
LUID SeCreateTokenPrivilege
Definition: setypes.h:1160
_Out_ PHANDLE EventHandle
Definition: iofuncs.h:857