ReactOS  0.4.15-dev-2738-gbe65a85
semgr.c
Go to the documentation of this file.
1 /*
2  * COPYRIGHT: See COPYING in the top level directory
3  * PROJECT: ReactOS kernel
4  * FILE: ntoskrnl/se/semgr.c
5  * PURPOSE: Security manager
6  *
7  * PROGRAMMERS: No programmer listed.
8  */
9 
10 /* INCLUDES *******************************************************************/
11 
12 #include <ntoskrnl.h>
13 #define NDEBUG
14 #include <debug.h>
15 
16 /* GLOBALS ********************************************************************/
17 
23 
26 
27 /* PRIVATE FUNCTIONS **********************************************************/
28 
29 static
30 CODE_SEG("INIT")
31 BOOLEAN
33 {
57 
82 
89 
91  return TRUE;
92 }
93 
94 
95 CODE_SEG("INIT")
96 BOOLEAN
97 NTAPI
99 {
100  PAGED_CODE();
101 
102  if (!ExLuidInitialization()) return FALSE;
103  if (!SepInitSecurityIDs()) return FALSE;
104  if (!SepInitDACLs()) return FALSE;
105  if (!SepInitSDs()) return FALSE;
107  if (!SepInitExports()) return FALSE;
108 
109  /* Initialize the subject context lock */
111 
112  /* Initialize token objects */
114 
115  /* Initialize logon sessions */
116  if (!SeRmInitPhase0()) return FALSE;
117 
118  /* Clear impersonation info for the idle thread */
119  PsGetCurrentThread()->ImpersonationInfo = NULL;
122 
123  /* Initialize the boot token */
127 
128  /* Initialise the anonymous logon tokens */
131  return FALSE;
132 
135  return FALSE;
136 
137  return TRUE;
138 }
139 
140 CODE_SEG("INIT")
141 BOOLEAN
142 NTAPI
144 {
147  HANDLE SecurityHandle;
151  PACL Dacl;
152  ULONG DaclLength;
153 
154  PAGED_CODE();
155 
156  /* Insert the system token into the tree */
158  ~MAX_FAST_REFS),
159  NULL,
160  0,
161  0,
162  NULL,
163  NULL);
165 
166  /* Create a security descriptor for the directory */
168 
169  /* Setup the ACL */
170  DaclLength = sizeof(ACL) + 3 * sizeof(ACCESS_ALLOWED_ACE) +
175  if (Dacl == NULL)
176  {
177  return FALSE;
178  }
179 
180  Status = RtlCreateAcl(Dacl, DaclLength, ACL_REVISION);
182 
183  /* Grant full access to SYSTEM */
185  ACL_REVISION,
189 
190  /* Allow admins to traverse and query */
192  ACL_REVISION,
196 
197  /* Allow anyone to traverse */
199  ACL_REVISION,
201  SeWorldSid);
203 
204  /* And link ACL and SD */
207 
208  /* Create '\Security' directory */
209  RtlInitUnicodeString(&Name, L"\\Security");
211  &Name,
213  0,
215 
216  Status = ZwCreateDirectoryObject(&SecurityHandle,
220 
221  /* Free the DACL */
223 
224  /* Create 'LSA_AUTHENTICATION_INITIALIZED' event */
225  RtlInitUnicodeString(&Name, L"LSA_AUTHENTICATION_INITIALIZED");
227  &Name,
229  SecurityHandle,
231 
232  Status = ZwCreateEvent(&EventHandle,
236  FALSE);
238 
241 
242  Status = ZwClose(SecurityHandle);
244 
245  return TRUE;
246 }
247 
248 CODE_SEG("INIT")
249 BOOLEAN
250 NTAPI
252 {
253  /* Check the initialization phase */
254  switch (ExpInitializationPhase)
255  {
256  case 0:
257 
258  /* Do Phase 0 */
259  return SepInitializationPhase0();
260 
261  case 1:
262 
263  /* Do Phase 1 */
264  return SepInitializationPhase1();
265 
266  default:
267 
268  /* Don't know any other phase! Bugcheck! */
269  KeBugCheckEx(UNEXPECTED_INITIALIZATION_CALL,
270  0,
272  0,
273  0);
274  return FALSE;
275  }
276 }
277 
278 NTSTATUS
279 NTAPI
281  IN SECURITY_OPERATION_CODE OperationType,
285  IN OUT PSECURITY_DESCRIPTOR *OldSecurityDescriptor,
288 {
289  PAGED_CODE();
290 
291  /* Select the operation type */
292  switch (OperationType)
293  {
294  /* Setting a new descriptor */
295  case SetSecurityDescriptor:
296 
297  /* Sanity check */
299 
300  /* Set the information */
304  OldSecurityDescriptor,
305  PoolType,
307 
308  case QuerySecurityDescriptor:
309 
310  /* Query the information */
314  ReturnLength,
315  OldSecurityDescriptor);
316 
317  case DeleteSecurityDescriptor:
318 
319  /* De-assign it */
320  return ObDeassignSecurity(OldSecurityDescriptor);
321 
322  case AssignSecurityDescriptor:
323 
324  /* Assign it */
326  return STATUS_SUCCESS;
327 
328  default:
329 
330  /* Bug check */
331  KeBugCheckEx(SECURITY_SYSTEM, 0, STATUS_INVALID_PARAMETER, 0, 0);
332  }
333 
334  /* Should never reach here */
335  ASSERT(FALSE);
336  return STATUS_SUCCESS;
337 }
338 
339 VOID
340 NTAPI
343 {
344  *DesiredAccess = 0;
345 
348  {
350  }
351 
353  {
355  }
356 }
357 
358 VOID
359 NTAPI
362 {
363  *DesiredAccess = 0;
364 
366  {
368  }
369 
371  {
373  }
374 
376  {
378  }
379 }
380 
381 NTSTATUS
382 NTAPI
384  _In_ ULONG Flags,
386  _In_opt_ PSID UserSid,
387  _In_ PSE_ADT_PARAMETER_ARRAY AuditParameters)
388 {
390  PTOKEN EffectiveToken;
391  PISID Sid;
393 
394  /* Validate parameters */
395  if ((Flags != 0) ||
396  (SourceName == NULL) ||
397  (SourceName->Buffer == NULL) ||
398  (SourceName->Length == 0) ||
399  (AuditParameters == NULL) ||
400  (AuditParameters->ParameterCount > SE_MAX_AUDIT_PARAMETERS - 4))
401  {
403  }
404 
405  /* Validate the source name */
407  if (!NT_SUCCESS(Status))
408  {
409  return Status;
410  }
411 
412  /* Check if we have a user SID */
413  if (UserSid != NULL)
414  {
415  /* Validate it */
416  if (!RtlValidSid(UserSid))
417  {
419  }
420 
421  /* Use the user SID */
422  Sid = UserSid;
423  }
424  else
425  {
426  /* No user SID, capture the security subject context */
428 
429  /* Extract the effective token */
430  EffectiveToken = SubjectContext.ClientToken ?
431  SubjectContext.ClientToken : SubjectContext.PrimaryToken;
432 
433  /* Use the user-and-groups SID */
434  Sid = EffectiveToken->UserAndGroups->Sid;
435  }
436 
438 
439  /* Check if we captured the subject context */
440  if (Sid != UserSid)
441  {
442  /* Release it */
444  }
445 
446  /* Return success */
447  return STATUS_SUCCESS;
448 }
449 
450 _Const_
451 NTSTATUS
452 NTAPI
454  _Inout_ PSE_ADT_PARAMETER_ARRAY AuditParameters,
457  _In_reads_(_Inexpressible_("depends on SE_ADT_PARAMETER_TYPE")) PVOID Data)
458 {
460  return STATUS_SUCCESS;
461 }
462 
463 /* EOF */
PSID SeAliasBackupOpsSid
Definition: setypes.h:1182
PSID SeAliasAdminsSid
Definition: setypes.h:1175
BOOLEAN NTAPI ExLuidInitialization(VOID)
Definition: uuid.c:325
const LUID SeSystemEnvironmentPrivilege
Definition: priv.c:39
enum _SE_ADT_PARAMETER_TYPE SE_ADT_PARAMETER_TYPE
const LUID SeRemoteShutdownPrivilege
Definition: priv.c:41
VOID NTAPI SeCaptureSubjectContext(OUT PSECURITY_SUBJECT_CONTEXT SubjectContext)
Definition: access.c:301
IN PUNICODE_STRING IN POBJECT_ATTRIBUTES ObjectAttributes
Definition: conport.c:35
LUID SeEnableDelegationPrivilege
Definition: setypes.h:1188
IN CINT OUT PVOID IN ULONG OUT PULONG ReturnLength
Definition: dumpinfo.c:39
#define IN
Definition: typedefs.h:39
_Inout_ PLIST_ENTRY _In_ PVOID _In_ PSTRING _In_ BOOLEAN _In_ BOOLEAN _In_ ULONG _In_ PFLT_CALLBACK_DATA _In_opt_ PCHECK_FOR_TRAVERSE_ACCESS _In_opt_ PSECURITY_SUBJECT_CONTEXT SubjectContext
Definition: fltkernel.h:2239
_Must_inspect_result_ _In_ WDFDEVICE _In_ ULONG _In_ ACCESS_MASK DesiredAccess
Definition: wdfdevice.h:2654
VOID NTAPI SeReleaseSubjectContext(IN PSECURITY_SUBJECT_CONTEXT SubjectContext)
Definition: access.c:360
LUID SeShutdownPrivilege
Definition: setypes.h:1158
LUID SeManageVolumePrivilege
Definition: setypes.h:1191
#define ExInitializeResource
Definition: exfuncs.h:346
const LUID SeSystemtimePrivilege
Definition: priv.c:29
#define _In_range_(l, h)
Definition: no_sal2.h:368
#define OBJ_CASE_INSENSITIVE
Definition: winternl.h:228
const LUID SeIncreaseQuotaPrivilege
Definition: priv.c:22
#define ACCESS_SYSTEM_SECURITY
Definition: nt_native.h:77
#define PsGetCurrentThread()
Definition: env_spec_w32.h:81
#define PspClearCrossThreadFlag(Thread, Flag)
Definition: ps_x.h:27
PTOKEN NTAPI SepCreateSystemProcessToken(VOID)
Creates the system process token.
Definition: token.c:1508
const LUID SeCreateTokenPrivilege
Definition: priv.c:19
#define SE_MAX_AUDIT_PARAMETERS
Definition: setypes.h:228
const LUID SeCreatePermanentPrivilege
Definition: priv.c:33
const LUID SeDebugPrivilege
Definition: priv.c:37
const LUID SeBackupPrivilege
Definition: priv.c:34
#define TRUE
Definition: types.h:120
_In_ USHORT _In_ ULONG _In_ PSOCKADDR _In_ PSOCKADDR _Reserved_ ULONG _In_opt_ PVOID _In_opt_ const WSK_CLIENT_CONNECTION_DISPATCH _In_opt_ PEPROCESS _In_opt_ PETHREAD _In_opt_ PSECURITY_DESCRIPTOR SecurityDescriptor
Definition: wsk.h:182
#define STATUS_INVALID_PARAMETER
Definition: udferr_usr.h:135
NTSYSAPI NTSTATUS NTAPI ZwClose(_In_ HANDLE Handle)
LUID SeDebugPrivilege
Definition: setypes.h:1159
PSID SeAuthenticatedUsersSid
Definition: setypes.h:1183
LUID SeChangeNotifyPrivilege
Definition: setypes.h:1162
LUID SeLockMemoryPrivilege
Definition: setypes.h:1143
LONG NTSTATUS
Definition: precomp.h:26
const LUID SeEnableDelegationPrivilege
Definition: priv.c:44
_IRQL_requires_same_ _In_ PLSA_STRING _In_ SECURITY_LOGON_TYPE _In_ ULONG _In_ ULONG _In_opt_ PTOKEN_GROUPS _In_ PTOKEN_SOURCE _Out_ PVOID _Out_ PULONG _Inout_ PLUID _Out_ PHANDLE Token
VOID NTAPI SepInitPrivileges(VOID)
Definition: priv.c:60
PSID SeAliasBackupOpsSid
Definition: sid.c:50
PSID SeAnonymousLogonSid
Definition: setypes.h:1185
#define _Const_
Definition: no_sal2.h:58
BOOLEAN NTAPI SepInitializationPhase0(VOID)
Definition: semgr.c:98
PSID SeAliasGuestsSid
Definition: setypes.h:1177
PSID SeRestrictedSid
Definition: sid.c:52
#define GROUP_SECURITY_INFORMATION
Definition: setypes.h:124
VOID NTAPI SeQuerySecurityAccessMask(IN SECURITY_INFORMATION SecurityInformation, OUT PACCESS_MASK DesiredAccess)
Definition: semgr.c:341
const LUID SeAssignPrimaryTokenPrivilege
Definition: priv.c:20
NTSYSAPI NTSTATUS NTAPI RtlCreateSecurityDescriptor(_Out_ PSECURITY_DESCRIPTOR SecurityDescriptor, _In_ ULONG Revision)
const LUID SeSystemProfilePrivilege
Definition: priv.c:28
#define WRITE_OWNER
Definition: nt_native.h:60
PSID SeAuthenticatedUsersSid
Definition: sid.c:51
NTSYSAPI NTSTATUS WINAPI RtlAddAccessAllowedAce(PACL, DWORD, DWORD, PSID)
NTSYSAPI NTSTATUS WINAPI RtlSetDaclSecurityDescriptor(PSECURITY_DESCRIPTOR, BOOLEAN, PACL, BOOLEAN)
PSID SeAliasPrintOpsSid
Definition: sid.c:49
PSID SeAliasAccountOpsSid
Definition: sid.c:47
const LUID SeSyncAgentPrivilege
Definition: priv.c:43
#define _In_opt_
Definition: no_sal2.h:212
LUID SeUnsolicitedInputPrivilege
Definition: setypes.h:1145
BOOLEAN NTAPI SepInitSecurityIDs(VOID)
Definition: sid.c:96
PSID SeAliasSystemOpsSid
Definition: setypes.h:1180
BOOLEAN NTAPI SepInitDACLs(VOID)
Definition: acl.c:31
LUID SeSecurityPrivilege
Definition: setypes.h:1147
NTSYSAPI NTSTATUS NTAPI RtlCreateAcl(PACL Acl, ULONG AclSize, ULONG AclRevision)
#define SECURITY_DESCRIPTOR_REVISION
Definition: setypes.h:58
PSID SeBatchSid
Definition: setypes.h:1172
SE_EXPORTS SepExports
Definition: semgr.c:21
PSECURITY_DESCRIPTOR SePublicDefaultSd
Definition: sd.c:18
PTOKEN SeAnonymousLogonTokenNoEveryone
Definition: semgr.c:19
NTSTATUS(* NTAPI)(IN PFILE_FULL_EA_INFORMATION EaBuffer, IN ULONG EaLength, OUT PULONG ErrorOffset)
Definition: IoEaTest.cpp:117
PSID SeNullSid
Definition: setypes.h:1164
#define FALSE
Definition: types.h:117
PSE_EXPORTS SeExports
Definition: semgr.c:20
DWORD SECURITY_INFORMATION
Definition: ms-dtyp.idl:311
PSID SeCreatorGroupSid
Definition: sid.c:30
PTOKEN SepCreateSystemAnonymousLogonToken(VOID)
Creates the anonymous logon token for the system. The difference between this token and the other one...
Definition: token.c:1658
PSID SeNtAuthoritySid
Definition: sid.c:33
#define GENERIC_WRITE
Definition: nt_native.h:90
LUID SeLoadDriverPrivilege
Definition: setypes.h:1149
LUID SeUndockPrivilege
Definition: setypes.h:1186
VOID NTAPI SepInitializeTokenImplementation(VOID)
Definition: token.c:1189
struct NameRec_ * Name
Definition: cdprocs.h:459
#define PsGetCurrentProcess
Definition: psfuncs.h:17
NTSYSAPI NTSTATUS NTAPI RtlValidateUnicodeString(_In_ ULONG Flags, _In_ PCUNICODE_STRING String)
Definition: unicode.c:2559
NTSYSAPI NTSTATUS NTAPI ZwCreateDirectoryObject(_Out_ PHANDLE DirectoryHandle, _In_ ACCESS_MASK DesiredAccess, _In_ POBJECT_ATTRIBUTES ObjectAttributes)
NTSTATUS NTAPI ObSetSecurityDescriptorInfo(IN PVOID Object, IN PSECURITY_INFORMATION SecurityInformation, IN OUT PSECURITY_DESCRIPTOR SecurityDescriptor, IN OUT PSECURITY_DESCRIPTOR *OutputSecurityDescriptor, IN POOL_TYPE PoolType, IN PGENERIC_MAPPING GenericMapping)
Definition: obsecure.c:117
unsigned char BOOLEAN
PSID SeNetworkServiceSid
Definition: sid.c:55
PSID SeNetworkServiceSid
Definition: setypes.h:1190
struct _ACL ACL
const LUID SeLoadDriverPrivilege
Definition: priv.c:27
const LUID SeManageVolumePrivilege
Definition: priv.c:45
const LUID SeTakeOwnershipPrivilege
Definition: priv.c:26
_In_ ULONG _In_ ACCESS_MASK _In_ PSID Sid
Definition: rtlfuncs.h:1103
PSID SeAliasPowerUsersSid
Definition: setypes.h:1178
_Must_inspect_result_ _In_ PFILE_OBJECT _In_ SECURITY_INFORMATION SecurityInformation
Definition: fltkernel.h:1339
LUID SeSystemEnvironmentPrivilege
Definition: setypes.h:1161
LUID SeProfileSingleProcessPrivilege
Definition: setypes.h:1154
NTSYSAPI ULONG NTAPI RtlLengthSid(IN PSID Sid)
Definition: sid.c:150
PSID SeDialupSid
Definition: setypes.h:1170
CODE_SEG("INIT")
Definition: Interface.c:1810
NTSYSAPI BOOLEAN NTAPI RtlValidSid(IN PSID Sid)
Definition: sid.c:21
PSID SeAliasUsersSid
Definition: sid.c:44
PSID SeNetworkSid
Definition: setypes.h:1171
#define DIRECTORY_TRAVERSE
Definition: nt_native.h:1255
Status
Definition: gdiplustypes.h:24
static BOOLEAN SepInitExports(VOID)
Definition: semgr.c:32
#define TAG_SE
Definition: tag.h:173
PSID SeAliasAccountOpsSid
Definition: setypes.h:1179
ULONG ExpInitializationPhase
Definition: init.c:66
LUID SeTcbPrivilege
Definition: setypes.h:1146
_Must_inspect_result_ _In_ ULONG Flags
Definition: wsk.h:170
const LUID SeCreatePagefilePrivilege
Definition: priv.c:32
LUID SeImpersonatePrivilege
Definition: setypes.h:1192
#define ASSERT(a)
Definition: mode.c:44
LUID SeRemoteShutdownPrivilege
Definition: setypes.h:1163
const LUID SeRestorePrivilege
Definition: priv.c:35
#define NT_SUCCESS(StatCode)
Definition: apphelp.c:32
DWORD * PSECURITY_INFORMATION
Definition: ms-dtyp.idl:311
INT POOL_TYPE
Definition: typedefs.h:78
_In_ WDFCOLLECTION _In_ ULONG Index
NTSTATUS NTAPI SeDefaultObjectMethod(IN PVOID Object, IN SECURITY_OPERATION_CODE OperationType, IN PSECURITY_INFORMATION SecurityInformation, IN OUT PSECURITY_DESCRIPTOR SecurityDescriptor, IN OUT PULONG ReturnLength OPTIONAL, IN OUT PSECURITY_DESCRIPTOR *OldSecurityDescriptor, IN POOL_TYPE PoolType, IN PGENERIC_MAPPING GenericMapping)
Definition: semgr.c:280
LUID SeCreatePermanentPrivilege
Definition: setypes.h:1155
BOOLEAN NTAPI SepInitializationPhase1(VOID)
Definition: semgr.c:143
Type
Definition: Type.h:6
#define SACL_SECURITY_INFORMATION
Definition: setypes.h:126
#define WRITE_DAC
Definition: nt_native.h:59
PSID SeLocalServiceSid
Definition: sid.c:54
#define _Inout_
Definition: no_sal2.h:162
static const LUID SeChangeNotifyPrivilege
Definition: authpackage.c:167
VOID FASTCALL ObInitializeFastReference(IN PEX_FAST_REF FastRef, IN PVOID Object)
Definition: obref.c:107
static const LUID SeCreateGlobalPrivilege
Definition: authpackage.c:168
#define READ_CONTROL
Definition: nt_native.h:58
#define ExAllocatePoolWithTag(hernya, size, tag)
Definition: env_spec_w32.h:350
_Out_writes_bytes_to_opt_ AbsoluteSecurityDescriptorSize PSECURITY_DESCRIPTOR _Inout_ PULONG _Out_writes_bytes_to_opt_ DaclSize PACL Dacl
Definition: rtlfuncs.h:1552
VOID NTAPI SeSetSecurityAccessMask(IN SECURITY_INFORMATION SecurityInformation, OUT PACCESS_MASK DesiredAccess)
Definition: semgr.c:360
BOOLEAN NTAPI SeRmInitPhase0(VOID)
Definition: srm.c:173
PSID SeAliasAdminsSid
Definition: sid.c:43
static const WCHAR L[]
Definition: oid.c:1250
PSID SeLocalServiceSid
Definition: setypes.h:1189
PSID SeCreatorOwnerSid
Definition: sid.c:29
#define OBJ_PERMANENT
Definition: winternl.h:226
NTSTATUS NTAPI ObQuerySecurityDescriptorInfo(IN PVOID Object, IN PSECURITY_INFORMATION SecurityInformation, OUT PSECURITY_DESCRIPTOR SecurityDescriptor, IN OUT PULONG Length, IN PSECURITY_DESCRIPTOR *OutputSecurityDescriptor)
Definition: obsecure.c:85
ULONG SidInTokenCalls
Definition: semgr.c:22
const LUID SeLockMemoryPrivilege
Definition: priv.c:21
const LUID SeProfileSingleProcessPrivilege
Definition: priv.c:30
PSID SeWorldSid
Definition: sid.c:27
const LUID SeIncreaseBasePriorityPrivilege
Definition: priv.c:31
NTSTATUS NTAPI SeReportSecurityEvent(_In_ ULONG Flags, _In_ PUNICODE_STRING SourceName, _In_opt_ PSID UserSid, _In_ PSE_ADT_PARAMETER_ARRAY AuditParameters)
Definition: semgr.c:383
PSID SeLocalSid
Definition: sid.c:28
PSID SeAliasGuestsSid
Definition: sid.c:45
_Must_inspect_result_ _In_ WDFCOLLECTION _In_ WDFOBJECT Object
const LUID SeTcbPrivilege
Definition: priv.c:24
NTSTATUS NTAPI ObDeassignSecurity(IN OUT PSECURITY_DESCRIPTOR *SecurityDescriptor)
Definition: obsecure.c:60
#define _In_
Definition: no_sal2.h:158
LUID SeCreateGlobalPrivilege
Definition: setypes.h:1193
LUID SeBackupPrivilege
Definition: setypes.h:1156
static GENERIC_MAPPING GenericMapping
Definition: SeInheritance.c:11
LUID SeIncreaseBasePriorityPrivilege
Definition: setypes.h:1151
PSID SeAliasUsersSid
Definition: setypes.h:1176
const LUID SeShutdownPrivilege
Definition: priv.c:36
NTSTATUS NTAPI ObInsertObject(IN PVOID Object, IN PACCESS_STATE AccessState OPTIONAL, IN ACCESS_MASK DesiredAccess, IN ULONG ObjectPointerBias, OUT PVOID *NewObject OPTIONAL, OUT PHANDLE Handle)
Definition: obhandle.c:2931
PSID SeAliasPowerUsersSid
Definition: sid.c:46
LUID SeSystemtimePrivilege
Definition: setypes.h:1153
PSID SeDialupSid
Definition: sid.c:34
PSID SeCreatorOwnerSid
Definition: setypes.h:1167
PSID SeAliasSystemOpsSid
Definition: sid.c:48
#define DIRECTORY_ALL_ACCESS
Definition: nt_native.h:1259
LUID SeSyncAgentPrivilege
Definition: setypes.h:1187
BOOLEAN NTAPI SeInitSystem(VOID)
Definition: semgr.c:251
#define OWNER_SECURITY_INFORMATION
Definition: setypes.h:123
unsigned int * PULONG
Definition: retypes.h:1
#define NULL
Definition: types.h:112
WCHAR SourceName[256]
Definition: arping.c:28
NTSTATUS NTAPI ObAssignObjectSecurityDescriptor(IN PVOID Object, IN PSECURITY_DESCRIPTOR SecurityDescriptor OPTIONAL, IN POOL_TYPE PoolType)
Definition: obsecure.c:20
const LUID SeSecurityPrivilege
Definition: priv.c:25
PSID SeNtAuthoritySid
Definition: setypes.h:1169
#define ACL_REVISION
Definition: setypes.h:39
#define CT_ACTIVE_IMPERSONATION_INFO_BIT
Definition: pstypes.h:241
LUID SeAuditPrivilege
Definition: setypes.h:1160
PSID SeLocalSystemSid
Definition: sid.c:40
PSID SeRestrictedSid
Definition: setypes.h:1184
#define OUT
Definition: typedefs.h:40
_Must_inspect_result_ _In_ WDFDEVICE _In_ DEVICE_REGISTRY_PROPERTY _In_ _Strict_type_match_ POOL_TYPE PoolType
Definition: wdfdevice.h:3810
ULONG ERESOURCE
Definition: env_spec_w32.h:594
PSID SeNetworkSid
Definition: sid.c:35
unsigned int ULONG
Definition: retypes.h:1
_Const_ NTSTATUS NTAPI SeSetAuditParameter(_Inout_ PSE_ADT_PARAMETER_ARRAY AuditParameters, _In_ SE_ADT_PARAMETER_TYPE Type, _In_range_(<, SE_MAX_AUDIT_PARAMETERS) ULONG Index, _In_reads_(_Inexpressible_("depends on SE_ADT_PARAMETER_TYPE")) PVOID Data)
Definition: semgr.c:453
ACCESS_MASK * PACCESS_MASK
Definition: nt_native.h:41
PTOKEN SeAnonymousLogonToken
Definition: semgr.c:18
#define DIRECTORY_QUERY
Definition: nt_native.h:1254
NTSYSAPI VOID NTAPI RtlInitUnicodeString(PUNICODE_STRING DestinationString, PCWSTR SourceString)
#define UNIMPLEMENTED
Definition: debug.h:115
#define InitializeObjectAttributes(p, n, a, r, s)
Definition: reg.c:106
PSID_AND_ATTRIBUTES UserAndGroups
Definition: setypes.h:215
const LUID SeUnsolicitedInputPrivilege
Definition: priv.c:23
#define MAX_FAST_REFS
Definition: ex.h:131
LUID SeIncreaseQuotaPrivilege
Definition: setypes.h:1144
LUID SeTakeOwnershipPrivilege
Definition: setypes.h:1148
PSID SeInteractiveSid
Definition: sid.c:37
PSID SeBatchSid
Definition: sid.c:36
PSID SeAnonymousLogonSid
Definition: se.h:155
LUID SeAssignPrimaryTokenPrivilege
Definition: setypes.h:1142
PSID SeWorldSid
Definition: setypes.h:1165
LUID SeRestorePrivilege
Definition: setypes.h:1157
#define STATUS_SUCCESS
Definition: shellext.h:65
#define ExFreePoolWithTag(_P, _T)
Definition: module.h:1099
PSID SeLocalSid
Definition: setypes.h:1166
const LUID SeUndockPrivilege
Definition: priv.c:42
#define _In_reads_(s)
Definition: no_sal2.h:168
ERESOURCE SepSubjectContextLock
Definition: access.c:19
PSID SeCreatorGroupSid
Definition: setypes.h:1168
PTOKEN SepCreateSystemAnonymousLogonTokenNoEveryone(VOID)
Creates the anonymous logon token for the system. This kind of token doesn't include the everyone SID...
Definition: token.c:1726
PSID SeNullSid
Definition: sid.c:26
const LUID SeAuditPrivilege
Definition: priv.c:38
LUID SeSystemProfilePrivilege
Definition: setypes.h:1152
LUID SeCreatePagefilePrivilege
Definition: setypes.h:1150
SECURITY_OPERATION_CODE
Definition: setypes.h:142
VOID NTAPI KeBugCheckEx(_In_ ULONG BugCheckCode, _In_ ULONG_PTR BugCheckParameter1, _In_ ULONG_PTR BugCheckParameter2, _In_ ULONG_PTR BugCheckParameter3, _In_ ULONG_PTR BugCheckParameter4)
Definition: rtlcompat.c:108
#define DACL_SECURITY_INFORMATION
Definition: setypes.h:125
PSID SeAliasPrintOpsSid
Definition: setypes.h:1181
PSID SeLocalSystemSid
Definition: setypes.h:1174
#define PAGED_CODE()
BOOLEAN NTAPI SepInitSDs(VOID)
Definition: sd.c:31
static const LUID SeImpersonatePrivilege
Definition: authpackage.c:169
PSID SeInteractiveSid
Definition: setypes.h:1173
LUID SeCreateTokenPrivilege
Definition: setypes.h:1141
_Out_ PHANDLE EventHandle
Definition: iofuncs.h:857
PULONG MinorVersion OPTIONAL
Definition: CrossNt.h:68