ReactOS 0.4.15-dev-7705-g2320c37
semgr.c
Go to the documentation of this file.
1/*
2 * PROJECT: ReactOS Kernel
3 * LICENSE: GPL-2.0-or-later (https://spdx.org/licenses/GPL-2.0-or-later)
4 * PURPOSE: Security manager infrastructure
5 * COPYRIGHT: Copyright Timo Kreuzer <timo.kreuzer@reactos.org>
6 * Copyright Eric Kohl
7 * Copyright Aleksey Bragin
8 * Copyright Alex Ionescu <alex@relsoft.net>
9 */
10
11/* INCLUDES *******************************************************************/
12
13#include <ntoskrnl.h>
14#define NDEBUG
15#include <debug.h>
16
17/* GLOBALS ********************************************************************/
18
24
27
28/* PRIVATE FUNCTIONS **********************************************************/
29
38static
39CODE_SEG("INIT")
42{
66
91
98
100 return TRUE;
101}
102
112CODE_SEG("INIT")
114NTAPI
116{
117 PAGED_CODE();
118
119 if (!ExLuidInitialization()) return FALSE;
120 if (!SepInitSecurityIDs()) return FALSE;
121 if (!SepInitDACLs()) return FALSE;
122 if (!SepInitSDs()) return FALSE;
124 if (!SepInitExports()) return FALSE;
125
126 /* Initialize the subject context lock */
128
129 /* Initialize token objects */
131
132 /* Initialize logon sessions */
133 if (!SeRmInitPhase0()) return FALSE;
134
135 /* Clear impersonation info for the idle thread */
136 PsGetCurrentThread()->ImpersonationInfo = NULL;
139
140 /* Initialize the boot token */
144
145 /* Initialise the anonymous logon tokens */
148 return FALSE;
149
152 return FALSE;
153
154 return TRUE;
155}
156
165CODE_SEG("INIT")
167NTAPI
169{
172 HANDLE SecurityHandle;
176 PACL Dacl;
177 ULONG DaclLength;
178
179 PAGED_CODE();
180
181 /* Insert the system token into the tree */
184 NULL,
185 0,
186 0,
187 NULL,
188 NULL);
190
191 /* Create a security descriptor for the directory */
193
194 /* Setup the ACL */
195 DaclLength = sizeof(ACL) + 3 * sizeof(ACCESS_ALLOWED_ACE) +
200 if (Dacl == NULL)
201 {
202 return FALSE;
203 }
204
205 Status = RtlCreateAcl(Dacl, DaclLength, ACL_REVISION);
207
208 /* Grant full access to SYSTEM */
214
215 /* Allow admins to traverse and query */
221
222 /* Allow anyone to traverse */
226 SeWorldSid);
228
229 /* And link ACL and SD */
232
233 /* Create '\Security' directory */
234 RtlInitUnicodeString(&Name, L"\\Security");
236 &Name,
238 0,
240
241 Status = ZwCreateDirectoryObject(&SecurityHandle,
245
246 /* Free the DACL */
248
249 /* Create 'LSA_AUTHENTICATION_INITIALIZED' event */
250 RtlInitUnicodeString(&Name, L"LSA_AUTHENTICATION_INITIALIZED");
252 &Name,
254 SecurityHandle,
256
257 Status = ZwCreateEvent(&EventHandle,
261 FALSE);
263
266
267 Status = ZwClose(SecurityHandle);
269
270 return TRUE;
271}
272
282CODE_SEG("INIT")
284NTAPI
286{
287 /* Check the initialization phase */
289 {
290 case 0:
291
292 /* Do Phase 0 */
294
295 case 1:
296
297 /* Do Phase 1 */
299
300 default:
301
302 /* Don't know any other phase! Bugcheck! */
303 KeBugCheckEx(UNEXPECTED_INITIALIZATION_CALL,
304 0,
306 0,
307 0);
308 return FALSE;
309 }
310}
311
350NTAPI
353 _In_ SECURITY_OPERATION_CODE OperationType,
357 _Inout_ PSECURITY_DESCRIPTOR *OldSecurityDescriptor,
360{
361 PAGED_CODE();
362
363 /* Select the operation type */
364 switch (OperationType)
365 {
366 /* Setting a new descriptor */
367 case SetSecurityDescriptor:
368
369 /* Sanity check */
371
372 /* Set the information */
376 OldSecurityDescriptor,
377 PoolType,
379
380 case QuerySecurityDescriptor:
381
382 /* Query the information */
387 OldSecurityDescriptor);
388
389 case DeleteSecurityDescriptor:
390
391 /* De-assign it */
392 return ObDeassignSecurity(OldSecurityDescriptor);
393
394 case AssignSecurityDescriptor:
395
396 /* Assign it */
398 return STATUS_SUCCESS;
399
400 default:
401
402 /* Bug check */
403 KeBugCheckEx(SECURITY_SYSTEM, 0, STATUS_INVALID_PARAMETER, 0, 0);
404 }
405
406 /* Should never reach here */
407 ASSERT(FALSE);
408 return STATUS_SUCCESS;
409}
410
425VOID
426NTAPI
430{
431 *DesiredAccess = 0;
432
435 {
437 }
438
440 {
442 }
443}
444
458VOID
459NTAPI
463{
464 *DesiredAccess = 0;
465
467 {
469 }
470
472 {
474 }
475
477 {
479 }
480}
481
507NTAPI
511 _In_opt_ PSID UserSid,
512 _In_ PSE_ADT_PARAMETER_ARRAY AuditParameters)
513{
515 PTOKEN EffectiveToken;
516 PISID Sid;
518
519 /* Validate parameters */
520 if ((Flags != 0) ||
521 (SourceName == NULL) ||
522 (SourceName->Buffer == NULL) ||
523 (SourceName->Length == 0) ||
524 (AuditParameters == NULL) ||
525 (AuditParameters->ParameterCount > SE_MAX_AUDIT_PARAMETERS - 4))
526 {
528 }
529
530 /* Validate the source name */
532 if (!NT_SUCCESS(Status))
533 {
534 return Status;
535 }
536
537 /* Check if we have a user SID */
538 if (UserSid != NULL)
539 {
540 /* Validate it */
541 if (!RtlValidSid(UserSid))
542 {
544 }
545
546 /* Use the user SID */
547 Sid = UserSid;
548 }
549 else
550 {
551 /* No user SID, capture the security subject context */
553
554 /* Extract the effective token */
555 EffectiveToken = SubjectContext.ClientToken ?
556 SubjectContext.ClientToken : SubjectContext.PrimaryToken;
557
558 /* Use the user-and-groups SID */
559 Sid = EffectiveToken->UserAndGroups->Sid;
560 }
561
563
564 /* Check if we captured the subject context */
565 if (Sid != UserSid)
566 {
567 /* Release it */
569 }
570
571 /* Return success */
572 return STATUS_SUCCESS;
573}
574
599NTAPI
601 _Inout_ PSE_ADT_PARAMETER_ARRAY AuditParameters,
604 _In_reads_(_Inexpressible_("depends on SE_ADT_PARAMETER_TYPE")) PVOID Data)
605{
607 return STATUS_SUCCESS;
608}
609
610/* EOF */
#define PAGED_CODE()
static OB_SECURITY_METHOD SeDefaultObjectMethod
Definition: ObTypes.c:134
unsigned char BOOLEAN
static GENERIC_MAPPING GenericMapping
Definition: SeInheritance.c:11
Type
Definition: Type.h:7
struct NameRec_ * Name
Definition: cdprocs.h:460
WCHAR SourceName[256]
Definition: arping.c:28
static const LUID SeCreateGlobalPrivilege
Definition: authpackage.c:168
static const LUID SeChangeNotifyPrivilege
Definition: authpackage.c:167
static const LUID SeImpersonatePrivilege
Definition: authpackage.c:169
LONG NTSTATUS
Definition: precomp.h:26
#define UNIMPLEMENTED
Definition: debug.h:115
IN PUNICODE_STRING IN POBJECT_ATTRIBUTES ObjectAttributes
Definition: conport.c:36
#define NULL
Definition: types.h:112
#define TRUE
Definition: types.h:120
#define FALSE
Definition: types.h:117
#define NT_SUCCESS(StatCode)
Definition: apphelp.c:32
IN CINT OUT PVOID IN ULONG OUT PULONG ReturnLength
Definition: dumpinfo.c:43
#define ExAllocatePoolWithTag(hernya, size, tag)
Definition: env_spec_w32.h:350
#define PsGetCurrentThread()
Definition: env_spec_w32.h:81
#define NonPagedPool
Definition: env_spec_w32.h:307
ULONG ERESOURCE
Definition: env_spec_w32.h:594
#define PagedPool
Definition: env_spec_w32.h:308
#define MAX_FAST_REFS
Definition: ex.h:133
_Must_inspect_result_ _In_ PFILE_OBJECT _In_ SECURITY_INFORMATION SecurityInformation
Definition: fltkernel.h:1340
_Inout_ PLIST_ENTRY _In_ PVOID _In_ PSTRING _In_ BOOLEAN _In_ BOOLEAN _In_ ULONG _In_ PFLT_CALLBACK_DATA _In_opt_ PCHECK_FOR_TRAVERSE_ACCESS _In_opt_ PSECURITY_SUBJECT_CONTEXT SubjectContext
Definition: fltkernel.h:2246
Status
Definition: gdiplustypes.h:25
#define CT_ACTIVE_IMPERSONATION_INFO_BIT
Definition: pstypes.h:241
#define OBJ_CASE_INSENSITIVE
Definition: winternl.h:228
#define OBJ_PERMANENT
Definition: winternl.h:226
NTSYSAPI NTSTATUS WINAPI RtlAddAccessAllowedAce(PACL, DWORD, DWORD, PSID)
NTSYSAPI NTSTATUS WINAPI RtlSetDaclSecurityDescriptor(PSECURITY_DESCRIPTOR, BOOLEAN, PACL, BOOLEAN)
static CODE_SEG("PAGE")
Definition: isapnp.c:1482
#define ASSERT(a)
Definition: mode.c:44
#define ExFreePoolWithTag(_P, _T)
Definition: module.h:1109
#define InitializeObjectAttributes(p, n, a, r, s)
Definition: reg.c:106
DWORD SECURITY_INFORMATION
Definition: ms-dtyp.idl:311
struct _ACL ACL
DWORD * PSECURITY_INFORMATION
Definition: ms-dtyp.idl:311
#define _Inout_
Definition: ms_sal.h:378
#define _Inout_opt_
Definition: ms_sal.h:379
#define _Out_
Definition: ms_sal.h:345
#define _In_
Definition: ms_sal.h:308
#define _In_opt_
Definition: ms_sal.h:309
#define _Const_
Definition: ms_sal.h:299
#define _In_range_(lb, ub)
Definition: ms_sal.h:571
#define _In_reads_(size)
Definition: ms_sal.h:319
NTSYSAPI NTSTATUS NTAPI ZwClose(_In_ HANDLE Handle)
NTSYSAPI NTSTATUS NTAPI ZwCreateDirectoryObject(_Out_ PHANDLE DirectoryHandle, _In_ ACCESS_MASK DesiredAccess, _In_ POBJECT_ATTRIBUTES ObjectAttributes)
_Out_writes_bytes_to_opt_ AbsoluteSecurityDescriptorSize PSECURITY_DESCRIPTOR _Inout_ PULONG _Out_writes_bytes_to_opt_ DaclSize PACL Dacl
Definition: rtlfuncs.h:1593
NTSYSAPI NTSTATUS NTAPI RtlCreateAcl(PACL Acl, ULONG AclSize, ULONG AclRevision)
NTSYSAPI ULONG NTAPI RtlLengthSid(IN PSID Sid)
Definition: sid.c:150
NTSYSAPI BOOLEAN NTAPI RtlValidSid(IN PSID Sid)
Definition: sid.c:21
NTSYSAPI NTSTATUS NTAPI RtlCreateSecurityDescriptor(_Out_ PSECURITY_DESCRIPTOR SecurityDescriptor, _In_ ULONG Revision)
NTSYSAPI NTSTATUS NTAPI RtlValidateUnicodeString(_In_ ULONG Flags, _In_ PCUNICODE_STRING String)
Definition: unicode.c:2605
_In_ ULONG _In_ ACCESS_MASK _In_ PSID Sid
Definition: rtlfuncs.h:1133
#define WRITE_DAC
Definition: nt_native.h:59
#define ACCESS_SYSTEM_SECURITY
Definition: nt_native.h:77
ACCESS_MASK * PACCESS_MASK
Definition: nt_native.h:41
#define DIRECTORY_QUERY
Definition: nt_native.h:1254
#define DIRECTORY_TRAVERSE
Definition: nt_native.h:1255
NTSYSAPI VOID NTAPI RtlInitUnicodeString(PUNICODE_STRING DestinationString, PCWSTR SourceString)
#define READ_CONTROL
Definition: nt_native.h:58
#define WRITE_OWNER
Definition: nt_native.h:60
#define DIRECTORY_ALL_ACCESS
Definition: nt_native.h:1259
#define GENERIC_WRITE
Definition: nt_native.h:90
@ NotificationEvent
BOOLEAN NTAPI ExLuidInitialization(VOID)
Definition: uuid.c:325
PSID SeLocalSystemSid
Definition: sid.c:38
const LUID SeDebugPrivilege
Definition: priv.c:39
PSID SeAliasAccountOpsSid
Definition: sid.c:45
const LUID SeSyncAgentPrivilege
Definition: priv.c:45
VOID NTAPI SepInitializeTokenImplementation(VOID)
Internal function that initializes critical kernel data for access token implementation in SRM.
Definition: token.c:1649
const LUID SeSystemProfilePrivilege
Definition: priv.c:30
const LUID SeCreateTokenPrivilege
Definition: priv.c:21
PSID SeRestrictedSid
Definition: sid.c:50
const LUID SeBackupPrivilege
Definition: priv.c:36
PTOKEN NTAPI SepCreateSystemProcessToken(VOID)
Creates the system process token.
Definition: token.c:1753
const LUID SeAssignPrimaryTokenPrivilege
Definition: priv.c:22
PSID SeNetworkServiceSid
Definition: sid.c:53
PSID SeBatchSid
Definition: sid.c:34
const LUID SeSystemtimePrivilege
Definition: priv.c:31
PSID SeAliasAdminsSid
Definition: sid.c:41
PSID SeAnonymousLogonSid
Definition: se.h:213
BOOLEAN NTAPI SeRmInitPhase0(VOID)
Manages the phase 0 initialization of the security reference monitoring module of the kernel.
Definition: srm.c:176
const LUID SeTcbPrivilege
Definition: priv.c:26
PSECURITY_DESCRIPTOR SePublicDefaultSd
Definition: sd.c:16
PSID SeAliasPowerUsersSid
Definition: sid.c:44
PSID SeInteractiveSid
Definition: sid.c:35
PSID SeWorldSid
Definition: sid.c:25
PTOKEN SepCreateSystemAnonymousLogonTokenNoEveryone(VOID)
Creates the anonymous logon token for the system. This kind of token doesn't include the everyone SID...
Definition: token.c:1938
const LUID SeManageVolumePrivilege
Definition: priv.c:47
const LUID SeRestorePrivilege
Definition: priv.c:37
PSID SeNetworkSid
Definition: sid.c:33
BOOLEAN NTAPI SepInitSecurityIDs(VOID)
Initializes all the SIDs known in the system.
Definition: sid.c:115
PSID SeCreatorGroupSid
Definition: sid.c:28
PSID SeNtAuthoritySid
Definition: sid.c:31
const LUID SeRemoteShutdownPrivilege
Definition: priv.c:43
const LUID SeLoadDriverPrivilege
Definition: priv.c:29
BOOLEAN NTAPI SepInitDACLs(VOID)
Initializes known discretionary access control lists in the system upon kernel and Executive initiali...
Definition: acl.c:38
const LUID SeIncreaseBasePriorityPrivilege
Definition: priv.c:33
const LUID SeLockMemoryPrivilege
Definition: priv.c:23
const LUID SeCreatePermanentPrivilege
Definition: priv.c:35
PTOKEN SepCreateSystemAnonymousLogonToken(VOID)
Creates the anonymous logon token for the system. The difference between this token and the other one...
Definition: token.c:1868
PSID SeLocalSid
Definition: sid.c:26
PSID SeDialupSid
Definition: sid.c:32
const LUID SeUndockPrivilege
Definition: priv.c:44
const LUID SeCreatePagefilePrivilege
Definition: priv.c:34
PSID SeCreatorOwnerSid
Definition: sid.c:27
const LUID SeTakeOwnershipPrivilege
Definition: priv.c:28
const LUID SeProfileSingleProcessPrivilege
Definition: priv.c:32
const LUID SeShutdownPrivilege
Definition: priv.c:38
const LUID SeSystemEnvironmentPrivilege
Definition: priv.c:41
PSID SeAliasUsersSid
Definition: sid.c:42
const LUID SeSecurityPrivilege
Definition: priv.c:27
const LUID SeUnsolicitedInputPrivilege
Definition: priv.c:25
PSID SeAliasBackupOpsSid
Definition: sid.c:48
const LUID SeEnableDelegationPrivilege
Definition: priv.c:46
BOOLEAN NTAPI SepInitSDs(VOID)
Initializes the known security descriptors in the system.
Definition: sd.c:37
PSID SeAuthenticatedUsersSid
Definition: sid.c:49
PSID SeAliasGuestsSid
Definition: sid.c:43
PSID SeAliasSystemOpsSid
Definition: sid.c:46
const LUID SeAuditPrivilege
Definition: priv.c:40
PSID SeAliasPrintOpsSid
Definition: sid.c:47
const LUID SeIncreaseQuotaPrivilege
Definition: priv.c:24
PSID SeLocalServiceSid
Definition: sid.c:52
VOID NTAPI SepInitPrivileges(VOID)
Initializes the privileges during the startup phase of the security manager module....
Definition: priv.c:71
PSID SeNullSid
Definition: sid.c:24
#define L(x)
Definition: ntvdm.h:50
NTSTATUS NTAPI ObDeassignSecurity(IN OUT PSECURITY_DESCRIPTOR *SecurityDescriptor)
Definition: obsecure.c:60
NTSTATUS NTAPI ObAssignObjectSecurityDescriptor(IN PVOID Object, IN PSECURITY_DESCRIPTOR SecurityDescriptor OPTIONAL, IN POOL_TYPE PoolType)
Definition: obsecure.c:20
VOID FASTCALL ObInitializeFastReference(IN PEX_FAST_REF FastRef, IN PVOID Object)
Definition: obref.c:107
NTSTATUS NTAPI ObSetSecurityDescriptorInfo(IN PVOID Object, IN PSECURITY_INFORMATION SecurityInformation, IN OUT PSECURITY_DESCRIPTOR SecurityDescriptor, IN OUT PSECURITY_DESCRIPTOR *OutputSecurityDescriptor, IN POOL_TYPE PoolType, IN PGENERIC_MAPPING GenericMapping)
Definition: obsecure.c:117
NTSTATUS NTAPI ObQuerySecurityDescriptorInfo(IN PVOID Object, IN PSECURITY_INFORMATION SecurityInformation, OUT PSECURITY_DESCRIPTOR SecurityDescriptor, IN OUT PULONG Length, IN PSECURITY_DESCRIPTOR *OutputSecurityDescriptor)
Definition: obsecure.c:85
NTSTATUS NTAPI ObInsertObject(IN PVOID Object, IN PACCESS_STATE AccessState OPTIONAL, IN ACCESS_MASK DesiredAccess, IN ULONG ObjectPointerBias, OUT PVOID *NewObject OPTIONAL, OUT PHANDLE Handle)
Definition: obhandle.c:2935
#define PspClearCrossThreadFlag(Thread, Flag)
Definition: ps_x.h:27
VOID NTAPI KeBugCheckEx(_In_ ULONG BugCheckCode, _In_ ULONG_PTR BugCheckParameter1, _In_ ULONG_PTR BugCheckParameter2, _In_ ULONG_PTR BugCheckParameter3, _In_ ULONG_PTR BugCheckParameter4)
Definition: rtlcompat.c:108
ULONG ExpInitializationPhase
Definition: init.c:68
PTOKEN SeAnonymousLogonToken
Definition: semgr.c:19
BOOLEAN NTAPI SeInitSystem(VOID)
Main security manager initialization function.
Definition: semgr.c:285
NTSTATUS NTAPI SeReportSecurityEvent(_In_ ULONG Flags, _In_ PUNICODE_STRING SourceName, _In_opt_ PSID UserSid, _In_ PSE_ADT_PARAMETER_ARRAY AuditParameters)
Report a security event to the security manager.
Definition: semgr.c:508
ULONG SidInTokenCalls
Definition: semgr.c:23
PSE_EXPORTS SeExports
Definition: semgr.c:21
_Const_ NTSTATUS NTAPI SeSetAuditParameter(_Inout_ PSE_ADT_PARAMETER_ARRAY AuditParameters, _In_ SE_ADT_PARAMETER_TYPE Type, _In_range_(<, SE_MAX_AUDIT_PARAMETERS) ULONG Index, _In_reads_(_Inexpressible_("depends on SE_ADT_PARAMETER_TYPE")) PVOID Data)
Sets an array of audit parameters for later security auditing use.
Definition: semgr.c:600
BOOLEAN NTAPI SepInitializationPhase1(VOID)
Handles the phase 1 procedure of the SRM initialization.
Definition: semgr.c:168
VOID NTAPI SeSetSecurityAccessMask(_In_ SECURITY_INFORMATION SecurityInformation, _Out_ PACCESS_MASK DesiredAccess)
Sets the access mask for a security information context.
Definition: semgr.c:460
PTOKEN SeAnonymousLogonTokenNoEveryone
Definition: semgr.c:20
static BOOLEAN SepInitExports(VOID)
Initializes all the security exports upon initialization phase of the module.
Definition: semgr.c:41
ERESOURCE SepSubjectContextLock
Definition: subject.c:16
VOID NTAPI SeQuerySecurityAccessMask(_In_ SECURITY_INFORMATION SecurityInformation, _Out_ PACCESS_MASK DesiredAccess)
Queries the access mask from a security information context.
Definition: semgr.c:427
BOOLEAN NTAPI SepInitializationPhase0(VOID)
Handles the phase 0 procedure of the SRM initialization.
Definition: semgr.c:115
SE_EXPORTS SepExports
Definition: semgr.c:22
#define STATUS_SUCCESS
Definition: shellext.h:65
PSID SeInteractiveSid
Definition: setypes.h:1227
PSID SeCreatorGroupSid
Definition: setypes.h:1222
LUID SeUnsolicitedInputPrivilege
Definition: setypes.h:1199
LUID SeIncreaseBasePriorityPrivilege
Definition: setypes.h:1205
LUID SeAssignPrimaryTokenPrivilege
Definition: setypes.h:1196
PSID SeAliasAdminsSid
Definition: setypes.h:1229
LUID SeUndockPrivilege
Definition: setypes.h:1240
LUID SeLoadDriverPrivilege
Definition: setypes.h:1203
LUID SeLockMemoryPrivilege
Definition: setypes.h:1197
PSID SeAliasUsersSid
Definition: setypes.h:1230
PSID SeNetworkSid
Definition: setypes.h:1225
LUID SeProfileSingleProcessPrivilege
Definition: setypes.h:1208
LUID SeIncreaseQuotaPrivilege
Definition: setypes.h:1198
PSID SeNullSid
Definition: setypes.h:1218
LUID SeEnableDelegationPrivilege
Definition: setypes.h:1242
PSID SeAliasSystemOpsSid
Definition: setypes.h:1234
PSID SeCreatorOwnerSid
Definition: setypes.h:1221
LUID SeAuditPrivilege
Definition: setypes.h:1214
LUID SeRestorePrivilege
Definition: setypes.h:1211
LUID SeTakeOwnershipPrivilege
Definition: setypes.h:1202
LUID SeSystemtimePrivilege
Definition: setypes.h:1207
LUID SeSecurityPrivilege
Definition: setypes.h:1201
PSID SeAliasGuestsSid
Definition: setypes.h:1231
PSID SeAuthenticatedUsersSid
Definition: setypes.h:1237
PSID SeAliasPrintOpsSid
Definition: setypes.h:1235
LUID SeTcbPrivilege
Definition: setypes.h:1200
LUID SeSystemProfilePrivilege
Definition: setypes.h:1206
PSID SeDialupSid
Definition: setypes.h:1224
PSID SeAnonymousLogonSid
Definition: setypes.h:1239
LUID SeBackupPrivilege
Definition: setypes.h:1210
PSID SeRestrictedSid
Definition: setypes.h:1238
PSID SeAliasAccountOpsSid
Definition: setypes.h:1233
PSID SeLocalSid
Definition: setypes.h:1220
LUID SeDebugPrivilege
Definition: setypes.h:1213
PSID SeNetworkServiceSid
Definition: setypes.h:1244
LUID SeCreateGlobalPrivilege
Definition: setypes.h:1247
LUID SeCreatePagefilePrivilege
Definition: setypes.h:1204
LUID SeShutdownPrivilege
Definition: setypes.h:1212
PSID SeWorldSid
Definition: setypes.h:1219
LUID SeImpersonatePrivilege
Definition: setypes.h:1246
PSID SeNtAuthoritySid
Definition: setypes.h:1223
LUID SeChangeNotifyPrivilege
Definition: setypes.h:1216
PSID SeBatchSid
Definition: setypes.h:1226
PSID SeAliasBackupOpsSid
Definition: setypes.h:1236
LUID SeSyncAgentPrivilege
Definition: setypes.h:1241
LUID SeSystemEnvironmentPrivilege
Definition: setypes.h:1215
LUID SeCreateTokenPrivilege
Definition: setypes.h:1195
PSID SeLocalServiceSid
Definition: setypes.h:1243
PSID SeAliasPowerUsersSid
Definition: setypes.h:1232
LUID SeManageVolumePrivilege
Definition: setypes.h:1245
PSID SeLocalSystemSid
Definition: setypes.h:1228
LUID SeCreatePermanentPrivilege
Definition: setypes.h:1209
LUID SeRemoteShutdownPrivilege
Definition: setypes.h:1217
PSID_AND_ATTRIBUTES UserAndGroups
Definition: setypes.h:233
VOID NTAPI SeReleaseSubjectContext(_In_ PSECURITY_SUBJECT_CONTEXT SubjectContext)
Releases both the primary and client tokens of a security subject context.
Definition: subject.c:171
VOID NTAPI SeCaptureSubjectContext(_Out_ PSECURITY_SUBJECT_CONTEXT SubjectContext)
Captures the security subject context of the calling thread and calling process.
Definition: subject.c:85
#define TAG_SE
Definition: tag.h:150
uint32_t * PULONG
Definition: typedefs.h:59
INT POOL_TYPE
Definition: typedefs.h:78
#define NTAPI
Definition: typedefs.h:36
uint32_t ULONG
Definition: typedefs.h:59
#define STATUS_INVALID_PARAMETER
Definition: udferr_usr.h:135
_Must_inspect_result_ _In_ WDFCOLLECTION _In_ WDFOBJECT Object
_In_ WDFCOLLECTION _In_ ULONG Index
_Must_inspect_result_ _In_ WDFDEVICE _In_ ULONG _In_ ACCESS_MASK DesiredAccess
Definition: wdfdevice.h:2658
_Must_inspect_result_ _In_ WDFDEVICE _In_ DEVICE_REGISTRY_PROPERTY _In_ _Strict_type_match_ POOL_TYPE PoolType
Definition: wdfdevice.h:3815
_In_ USHORT _In_ ULONG _In_ PSOCKADDR _In_ PSOCKADDR _Reserved_ ULONG _In_opt_ PVOID _In_opt_ const WSK_CLIENT_CONNECTION_DISPATCH _In_opt_ PEPROCESS _In_opt_ PETHREAD _In_opt_ PSECURITY_DESCRIPTOR SecurityDescriptor
Definition: wsk.h:191
_Must_inspect_result_ _In_ ULONG Flags
Definition: wsk.h:170
#define ExInitializeResource
Definition: exfuncs.h:346
_Out_ PHANDLE EventHandle
Definition: iofuncs.h:857
#define PsGetCurrentProcess
Definition: psfuncs.h:17
#define DACL_SECURITY_INFORMATION
Definition: setypes.h:125
SECURITY_OPERATION_CODE
Definition: setypes.h:170
#define OWNER_SECURITY_INFORMATION
Definition: setypes.h:123
#define SECURITY_DESCRIPTOR_REVISION
Definition: setypes.h:58
#define GROUP_SECURITY_INFORMATION
Definition: setypes.h:124
#define ACL_REVISION
Definition: setypes.h:39
#define SACL_SECURITY_INFORMATION
Definition: setypes.h:126
enum _SE_ADT_PARAMETER_TYPE SE_ADT_PARAMETER_TYPE
#define SE_MAX_AUDIT_PARAMETERS
Definition: setypes.h:256